1 Topic by tyllee

  • tyllee
  • Member
  • Offline
  • Registered: 2013-03-27
  • Posts: 98

Topic: Password encryption

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.4
- Linux/BSD distribution name and version: deb 8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? yes
- Related log if you're reporting an issue:
===

Is there any differens how the password is saved in the database regarding encryption if you use the different password interfaces: iredadmin-pro, sogo, roundcube?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,809

Re: Password encryption

*) iRedAdmin-Pro uses SSHA512 by default. If you have custom setting in iRedAdmin-Pro config file, it may use different one.

*) Roundcube uses SSHA512 too.
*) SOGo uses SSHA.

I will try to update SOGo to use ssha512.

3 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,809

Re: Password encryption

UPDATE: confirmed that SOGo supports SSHA512. Next iRedMail release will configure SOGO to use SSHA512 by default.

            userPasswordAlgorithm = ssha512;

So next iRedMail release will configure iRedAdmin (including iRedAdmin-Pro), Roundcube, SOGo to store password in SSHA512 hash by default.

4 Reply by tyllee

  • tyllee
  • Member
  • Offline
  • Registered: 2013-03-27
  • Posts: 98

Re: Password encryption

Awesome!