On 10.4.2012, at 19.35, Ed W wrote: > Does dovecot 2.0 also support SCRAM-SHA?
v2.1 does. > I only mention because it's come up on my radar recently and as I understand > it, it solves the issue of either having > - plain text db of passwords, encrypted login > - encrypted db of passwords, plaintext login > > With SCRAM you have both sides "encrypted". The same way as with DIGEST-MD5 and several others. Each mechanism requires that the server-side password is saved using a hash specific to that auth mechanism, none of them support generic MD5/SHA/etc hashes or other mechanisms' hashes. Looks like Dovecot's current SCRAM-SHA1 supports only plaintext passwords, but it would be possible to add SCRAM-SHA1 password scheme similar to others.