App Passwords Too Long Sometimes

Issue Description

Before v0.16 of Stalwart it was possible to set custom App Passwords. Now it creates 40 character long passwords which are too long sometimes for some services. It would be great to be able to generate shorter app passwords.

Expected Behavior

Being able to generate App passwords with custom length.

Actual Behavior

40 character long App passwords.

Stalwart Version

v0.16.x

Installation Method

Docker

Database Backend

RocksDB

Blob Storage

RocksDB

Search Engine

Internal

Directory Backend

Internal


What is the max password length allowed by the service(s) you’re using?

Thanks for your reply. The service I’m using allows a maximum of 31 characters. It’s a bit of a weird number but probably it would be nice to be able to generate App Passwords between 20 and 40 characters on request.

The issue with this change is that Stalwart includes some metadata in the password itself such as the credential id. The actual password length is 18 bytes. It could be reduced to 12 while keeping it secure, but less than that would make the app password insecure.

That’s unfortunate as reducing the password to 12 bytes would make the password 34 characters long which is still too long. I understand that reducing it more would be considered insecure but is it really if the full App Password is still let’s say 30 characters long? What about adding numbers and special characters?

@stalwart Will the behaviour of App Passwords change or do I have to use a different mail server for cases like this?

It won’t change, sorry.