Password hashing algorithm SHA256

alainpp:
I don't know if this is the place to post this question; please move it if necessary.

I have hMailServer 4 installed on my server. Version 5 is out now as a stable version and I want to upgrade. The problem is that they now have a new algorithm to process the passwords, and I want to know if roundcube / myroundcube support it. The new algorithm is called SHA256. They still support MD5, but it would be nice for roundcube to support the new algorithm.

Here's the text from the hMailServer website:

"In version 4, hMailServer stored account passwords as MD5 hashes in the database. MD5 is no longer considered to be sure so in hMailServer 5 an algorithm named SHA256 is used instead. If you have custom-built software which accesses the hMailServer database and assumes that account passwords are MD5 hashes, you either need to update this software, or you need to configure hMailServer to continue using MD5 using the PreferredHashAlgorithm setting."


Thanks in advance for your replies.

rosali:
No, MyRoundCube only supports MD5 hashes. Let me know if you find some PHP code to use the new encoding and I'll implement it. I could use the hMailServer COM API, but I don't like to do it. The reason is that I do not want to lose the ability to host hMailServer on a Windows emulation while RoundCube is running Unix-based.

rosali:
UPDATE: I'm going to test PHP: sha1 - Manual and let you know.

rosali:
I can't get it working to reproduce the hMailServer hash (without using the COM object, which is beside my goals). As a workaround, I've now made MyRoundCube always use md5 for the self-registration and change password plugins as a fallback.

The disadvantage is that all self-registered users and those who change their password via MyRoundCube will fall back to md5 password hashes - not a big issue, IMO.

Changes will be released along with next MyRoundCube update.

alainpp:
Don't worry, hMailServer 5 has the option to use MD5; it's not the default anymore but can be used.

Welcome back from vacation.
