I'm preparing new mail system with iRedMail. My developers needs info about how are hashes of password generated. I want to know how iRedMail generates hashes, is any salt used and what algorithm?
I didn't find it in iredadmin files (this files are like black magic for me) so info about where in this files I can find this info will be also good.
Multiple methods actually. In the newest version it actually will allow you to change the encryption method to plain MD5 with little tweaking so it is compatible with other software like SOGo.
By default it salts and uses Crypt to encrypt. But it also supports plain text and MD5 so you can use Roundcube for password changing.
For older version's there is a guide here that I made to use MD5: http://www.iredmail.org/forum/post15022.html#p15022
But from the box it was Crypt and salted unless they changed something. http://www.iredmail.org/doc.html
EDIT: I forgot, all password method's are stored in iredutils.py under the libs directory. In recent versions they have scattered thing's around a bit but for the most part the main function's are there and you can reverse engineer this from there.
For compatibility I would suggest changing it to use MD5, as it's very easy for most system's to MD5 a password. While keeping the same salting and encrypting as they use for default is a bit more cumbersome.
We had this problem on our mail server's awhile back while implementing it with SOGo, it's just easier to change it to use MD5-PLAIN instead.
