Hi, ppls
There is some problem with using passwd-like file and plaintext
passwords within it.
Let's assume we have users speaking russian. They think and remember
their passwords also within russian words (they just not change
keyboard layout before entering their passwords).
So if the user has password like ":jgf" (meaning "ass" in
russian)
and passwords are stored into passwd-like file within {PLAIN} scheme
what will happen?
====user:{PLAIN}:jgf:1234:1234:....
====
Isn't it a reason to implement something like {HEX} and why?
WBR
Dmitri Ivanov
On Nov 13, 2008, at 8:08 PM, Dmitri V. Ivanov wrote:> So if the user has password like ":jgf" (meaning "ass" in russian) > and passwords are stored into passwd-like file within {PLAIN} scheme > what will happen? > > ====> user:{PLAIN}:jgf:1234:1234:.... > ====> > Isn't it a reason to implement something like {HEX} and why?v1.1+ supports {plain.b64} or {plain.hex}. -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 194 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20081113/12b6ab6a/attachment-0002.bin>
On Thu, Nov 13, 2008 at 08:16:17PM +0200, Timo Sirainen wrote:> > v1.1+ supports {plain.b64} or {plain.hex}. >As far as I can see (well - grep is used) You are implemented something (I don't untderstand code jet - just from comments within src/auth/password-scheme.c). It seems like to look for .hex,.b64 and .base64, But I'm wrong to find anything about it from wiki or NEWS. Where I'm wrong? WBR Dmitri Ivanov