[GH-ISSUE #5] Switch to using the built-in hash() function for more secure algorithms for password hashing #6

Closed
opened 2026-02-26 09:35:04 +03:00 by kerem · 2 comments
Owner

Originally created by @basilgohar on GitHub (Oct 1, 2011).
Original GitHub issue: https://github.com/opensolutions/ViMbAdmin/issues/5

Dovecot supports more hashing algorithms than currently supported by ViMbAdmin's Mailbox class. Switching over to the hash() function that comes with PHP will enable a large variety of hashing algorithms, notably more secure ones such as sha256 and, theoretically, even better ones in the future as they become available.

I am currently using sha256 as the hashing algorithm for the enhanced security that it offers, and this was the impetus in proposing this enhancement request. I am willing to contribute a patch if this is deemed meritable.

Originally created by @basilgohar on GitHub (Oct 1, 2011). Original GitHub issue: https://github.com/opensolutions/ViMbAdmin/issues/5 Dovecot supports more hashing algorithms than currently supported by ViMbAdmin's Mailbox class. Switching over to the hash() function that comes with PHP will enable a large variety of hashing algorithms, notably more secure ones such as sha256 and, theoretically, even better ones in the future as they become available. I am currently using sha256 as the hashing algorithm for the enhanced security that it offers, and this was the impetus in proposing this enhancement request. I am willing to contribute a patch if this is deemed meritable.
kerem 2026-02-26 09:35:04 +03:00
  • closed this issue
  • added the
    feature
    label
Author
Owner

@basilgohar commented on GitHub (Oct 1, 2011):

PHP documentation for the hash() function:
http://www.php.net/manual/en/function.hash.php

Dovecot documentation for hashing algorithm options:
http://wiki.dovecot.org/Authentication/PasswordSchemes

(Up to salted SHA512 is supported in version 2)

This should be applicable to more than just Dovecot, of course. :)

<!-- gh-comment-id:2254990 --> @basilgohar commented on GitHub (Oct 1, 2011): PHP documentation for the hash() function: http://www.php.net/manual/en/function.hash.php Dovecot documentation for hashing algorithm options: http://wiki.dovecot.org/Authentication/PasswordSchemes (Up to salted SHA512 is supported in version 2) This should be applicable to more than just Dovecot, of course. :)
Author
Owner

@barryo commented on GitHub (Feb 15, 2014):

Dovecot hashing is now supported in V3.

<!-- gh-comment-id:35151409 --> @barryo commented on GitHub (Feb 15, 2014): Dovecot hashing is now supported in V3.
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/ViMbAdmin-opensolutions#6
No description provided.