Menu
I am working on a web administration module for mailservers (it's open source if you'd like to take a look).
For that, I need to be able to generate hashed password that is readable by Dovecot. As described on their wiki, their recommended password hashing scheme is SSHA256 (the extra S is for salted).
It's also explained that this could be reasonably simple to implement with something like this PHP code:
$salt = 'generate_a_salt_somehow';
$hash = hash('sha256', $password . $salt);
However, from what I've read about cryptography, that is a rather naíve way to generate salted hashes, but if you're doing it wrong when typing A-E-S in your source code, I figured the same could be true in this case.
So if you have insight into cryptography, I'd love to hear about the most secure way to do this, be it mcrypt, mhash or whatever.
434
Password generation function in PHP:
$hash = "{SSHA256}".base64_encode(hash('sha256', $password.$salt, true).$salt);
Necessarily "true" - the third parameter...
147
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
