Mail user password management

As I understood from "View user passwords for email accounts", Hestia stores user email passwords encrypted. If people log in, their passwords are being matched with what is stored. So you decrypt them at that stage. So you can make a list of all of them as well, with the right script.
I’d like to perform just the decryption to make migrating email user accounts easier for them.

You can’t decrypt the password.

We store it as Bcrypt by default (Fall back to ArgonID or MD5) when the first methods are not available

(But that would mean Debian 9 or lower…)

Dovecot does the same and also needs to encrypt the password with the same salt and compare the passwords…

So the only way to retrieve a current password unencrypted is by grabbing it from RAM in between or some such scenario?

BCRYPT and ArgonID and MD5 are never reversible (For md5 you can of course use rainbow tables…). So the only moment when you can grab the unencrypted password is when a password has been changed and/or an account has been created…

1 Like
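
The replies above describe the stored value as a salted one-way hash that is recomputed and compared at login. As an added example (not Hestia's or Dovecot's code), the following Python splits such strings into scheme, cost, salt and digest for the three schemes named in the thread (Argon2id being the thread's "ArgonID") and lists accounts still on the MD5 fallback; the `account:hash` line layout, the optional `{SCHEME}` tag and all sample values are constructed assumptions.

```python
import re

# Modular-crypt layouts for the three schemes named in the thread.
PATTERNS = {
    "bcrypt": re.compile(r"^\$2[abxy]\$(?P<cost>\d{2})\$"
                         r"(?P<salt>[./A-Za-z0-9]{22})(?P<digest>[./A-Za-z0-9]{31})$"),
    "argon2id": re.compile(r"^\$argon2id\$v=\d+\$(?P<cost>m=\d+,t=\d+,p=\d+)\$"
                           r"(?P<salt>[A-Za-z0-9+/]+)\$(?P<digest>[A-Za-z0-9+/]+)$"),
    "md5-crypt": re.compile(r"^\$1\$(?P<salt>[./A-Za-z0-9]{1,8})\$"
                            r"(?P<digest>[./A-Za-z0-9]{22})$"),
}
WEAK = {"md5-crypt"}  # weak legacy scheme; candidates for a forced password reset

def parse_hash(stored):
    """Split a stored hash into its public parts; None if the layout is unknown."""
    # Optional leading {SCHEME} tag is an assumption about the storage format.
    value = re.sub(r"^\{[A-Za-z0-9-]+\}", "", stored.strip())
    for scheme, pattern in PATTERNS.items():
        m = pattern.match(value)
        if m:
            parts = m.groupdict()
            # The salt is stored in the clear next to the digest: that is what
            # lets the server re-hash a login attempt and compare the results.
            return {"scheme": scheme, "cost": parts.get("cost"),
                    "salt": parts["salt"], "digest": parts["digest"]}
    return None

def audit(lines):
    """Map each account in 'account:hash' lines (assumed layout) to its scheme."""
    schemes, needs_reset = {}, []
    for line in lines:
        account, _, stored = line.strip().partition(":")
        parsed = parse_hash(stored)
        schemes[account] = parsed["scheme"] if parsed else "unknown"
        if parsed and parsed["scheme"] in WEAK:
            needs_reset.append(account)
    return schemes, needs_reset

# Constructed sample values: filler characters, not real salts or digests.
SAMPLE_LINES = [
    "alice:{SCHEME}$2y$10$" + "A" * 22 + "B" * 31,
    "bob:$argon2id$v=19$m=65536,t=3,p=1$" + "c2FsdHNhbHQ" + "$" + "D" * 43,
    "carol:$1$" + "saltsalt" + "$" + "C" * 22,
]

if __name__ == "__main__":
    print(audit(SAMPLE_LINES))
```

Every field the parser returns is a hashing parameter or the digest itself; none of them is ciphertext with a key that could be applied to recover the password.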