MD5 Passwords in MySql?

Charles Bradshaw brad at
Fri Apr 12 09:08:40 EDT 2013

Further to our previous discussion on the possibility of storing hashed
passwords in the imap authentication database.

I draw your attention to:, which
abstract clearly states;

"This specification provides a simple challenge-response authentication
protocol that is suitable for use with IMAP4. Since it utilizes
Keyed-MD5 digests and does not require that the secret be stored in the
clear on the server".

While I don't fully understand the cryptography details of the proposal
it is clear that the requirement to avoid storing clear text passwords
while retaining the security advantages of challenge-response is

Is there the possibility to implement this?

Charles Bradshaw  

On Tue, 2013-03-26 at 08:00 -0400, Adam Tauno Williams wrote:
> On Tue, 2013-03-26 at 10:17 +0000, Charles Bradshaw wrote: 
> > Thanks Guys
> > I think it's finally sunk in. DIGEST-MD5 and CRAM-MD5 are mutually
> > exclusive with hashed passwords.
> > D'oh! I think I even posted that fact in answer to a previous thread.
> No problem, it happens to us all.  Yesterday I posted two messages to
> lists relating to issues that as soon as I posted them I found the
> answers right there in the documentation.  Right there!  I swear I had
> already looked twice. 

More information about the Info-cyrus mailing list