Feature Request: md5 password encryption

Hi all.

I frequently install nextcloud on Linux platforms, sharing the user base with mail server. It is very useful to share user profiles (and passwords) with, in my case, dovecot imap server.

The problem is that dovecot can access to the database easily, but it doesn’t support the same encryption method for the passwords. (AFAIK the one used natively supported by PHP is a *BSD way).

I made a simple patch to save passwords in md5 format (in lib/private/Security/Hasher.php), but of course now is a bit unpractical, as, at least, I have to apply the patch by hand again potentially after every update - and now also the integrity check fails…

Thank you for your attention.

Best regards,
Gabriele Turchi

You can use external authentication backends, e.g. imap! So you can directly authenticate against your dovecot imap server. Please use there blowfish, sha256/512, …

Ok, sorry. md5 was just an example, the easiest way to have something working. But there are many other ways, like sha512:


But using user_sql I do not think it’s a good alternative because I wish to use nextcloud to do users management, I don’t like the idea to install another program/system to do just this function.

Of course, having still in nexcloud core the ability to save some extra, custom user data (like the uid) should be the best option for me (I’m currently using postgresql rule to manage that, inserting extra data in a secondary table).

1 Like

Best would be to use it as an authentication backend, there was a topic with some pointers:

1 Like