The reasoning for my use of CRYPT is that most of my users are still from when VPOPMAIL didn't support MD5. But in terms of this situation, the base64 password that the user sends would likely be better decode_base64()'d and then compared against the clear-text password.
From: "Paul L. Allen" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: [vchkpw] Re: SMTP-Auth bug in passwords? Date: Wed, 10 Sep 2003 13:30:27 GMT
Mike Miller writes:
> Nope. Not using MD5 passwords.
That would explain it then. As Tom said, DES-style crypt ignores everything after the first eight characters of the password. MD5-style crypt has a higher limit, from memory I believe it's something like 126.
-- Paul Allen Softflare Support
The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail