On Tue, 2010-09-21 at 11:24 -0700, David Jonas wrote:
> We have a plethora of accounts for which we would like to enable
> CRAM-MD5 but their passwords are stored as MD5 hashes. Is there anything
> we can do? Can we take a linux MD5 hashed password (e.g.
> $1$fac330ee$wd6Tll...) and convert it to dovecot's CRAM-MD5 format (e.g.
> {CRAM-MD5}b3f297...)?a) Crack the password with brute force. Probably won't be highly successful. b) The plaintext password is known while user logs in. Save it as CRAM-MD5 at that time.
