@navi I'm really curious now what they are migrating *from*, exactly...

(The 72 character limit is actually a limit of bcrypt itself and I'm not really sure why they're migrating *to* bcrypt in 2025)


@navi ... aha. Previously it was stored in plaintext.


@joepie91 this sort of thing is why you just support multiple ciphers

@navi The simpler solution would be to just use argon2id, tbh, which is a better option than bcrypt in basically every respect

@joepie91 Dovecot is getting on my nerves with having to actually put shit into the config if you want to also use argon2 for instance

@joepie91 and then you can't use old hashes anymore and everyone needs a new fucking password raaah

@navi Right. The 'correct' way to handle this sort of thing would be to do 'rolling' migrations, in that upon auth, the password gets re-hashed with the currently-default algorithm and stored. But almost nobody actually implements that. It's annoying.
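The 'rolling' migration described in the last post, as an added example that is not part of the thread or of any project mentioned in it. It assumes a hypothetical `{SCHEME}salt$digest` record format and hypothetical function names, and uses the standard library's PBKDF2 and scrypt as stand-ins for bcrypt and argon2id so that it runs without third-party packages.

```python
import hashlib
import hmac
import os

DEFAULT = "SCRYPT"  # hypothetical tag for the currently-default scheme

# Stand-ins from the standard library (assumption: a real deployment would
# plug bcrypt / argon2id verifiers into this table instead).
SCHEMES = {
    "PBKDF2": lambda pw, salt: hashlib.pbkdf2_hmac("sha256", pw, salt, 100_000),
    "SCRYPT": lambda pw, salt: hashlib.scrypt(pw, salt=salt, n=2**14, r=8, p=1, dklen=32),
}

def make_hash(password, scheme=DEFAULT):
    salt = os.urandom(16)
    digest = SCHEMES[scheme](password.encode(), salt)
    return "{%s}%s$%s" % (scheme, salt.hex(), digest.hex())

def verify(password, stored):
    if not stored.startswith("{") or "}" not in stored:
        return False
    scheme, _, rest = stored[1:].partition("}")
    if scheme == "PLAIN":  # legacy plaintext record, accepted only so it can be upgraded
        return hmac.compare_digest(password.encode(), rest.encode())
    if scheme not in SCHEMES:
        return False
    salt_hex, _, digest_hex = rest.partition("$")
    try:
        salt, digest = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False
    return hmac.compare_digest(SCHEMES[scheme](password.encode(), salt), digest)

def login(db, user, password):
    stored = db.get(user)
    if stored is None or not verify(password, stored):
        return False  # failed logins never rewrite the record
    if not stored.startswith("{%s}" % DEFAULT):
        # Only at this point is the cleartext available, so re-hash and store now.
        db[user] = make_hash(password)
    return True

if __name__ == "__main__":
    # Constructed sample records: one plaintext, one on the older scheme.
    db = {"alice": "{PLAIN}hunter2", "bob": make_hash("correct horse", "PBKDF2")}
    print(login(db, "alice", "hunter2"), db["alice"].split("}")[0] + "}")
```

Accounts that never log in keep their old record, so a migration like this still needs a cutoff after which remaining legacy entries are forced through a password reset.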
