[RCD] Possible bug in Roundcube password plugin: cannot generate correct bcrypt hash

Zhang Huangbin zhbmaillistonly at gmail.com
Sun Sep 14 11:48:40 CEST 2014


Dear developers,

I'm running Roundcubemail-1.0.2 on OpenBSD 5.5, i tried to generate bcrypt password hash with ldap_simple password driver, it generates password hash with prefix '{crypt}$2a$' which identities it's a blowfish/bcrypt hash, but Dovecot cannot verify it.

Dovecot works fine if i generated password hash with Dovecot command 'doveadm pw -s BLF-CRYPT' or Python bcrypt module. So i think there might be something wrong in Roundcube password driver. Could you help inspect it?

Thank you very much.




More information about the dev mailing list