#121 multiple hash algorithms using system's crypt in pacrypt

open
nobody
None
5
2017-03-07
2013-08-30
No

This patch adds another $CONF['encrypt'] type, 'php_crypt', which uses the PHP crypt() function, which in turn uses the system's crypt() (much like the current 'system' type in postfixadmin-2.3.6)

The difference to the current 'system' type is that you can choose which hash type you want to use for new passwords. (currently DES, MD5, Blowfish, SHA256, SHA512; defaults to )

The current 'system' type only generates MD5 hashes with 2-character salt.

I do not have 'dovecotpw' on my system so that was not an option.

It does not interfere with existing 'encrypt' types, but could be incorporated into the 'system' type.
Tested on CentOS 5 and 6, Dovecot 2 and Postfix.

1 Attachments

Discussion

  • Magnus Stenman

    Magnus Stenman - 2013-08-30

    defaults to MD5

     
  • Magnus Stenman

    Magnus Stenman - 2015-07-08

    Cleaned patch up a bit, tested on CentOS 7 and Postfix Admin 2.92

    Removed the need for two config variables, using the dovecot approach
    Renamed the methods to DES, MD5, BLOWFISH, SHA256, SHA512

     
  • GingerDog

    GingerDog - 2015-07-12

    Hi - thanks for the patch.

    Would it be better to use http://php.net/password_hash than crypt() directly?

    Although this would have the side effect of restricting us to PHP5.5 or above and perhaps that wouldn't be well received ....

     
  • Magnus Stenman

    Magnus Stenman - 2015-07-12

    Correct. I'm running this on CentOS 6 and 7, which use PHP 5.3 and 5.4, respectively.

    Over the years the mailbox table has accumulated DES, MD5 and SHA512 hashes, and this patch allows them all to work. (until password change -- then the configured hash is used.)

     
  • Magnus Stenman

    Magnus Stenman - 2017-03-07

    Same patch for 3.0.2.
    Tested on CentOS 7.

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks