--- a/vcdb.c	2011-02-28 18:00:45.000000000 +0100
+++ b/vcdb.c	2020-02-25 17:46:43.360186000 +0100
@@ -672,14 +672,14 @@
  char Dir[156];
  uid_t uid;
  gid_t gid;
- char crypted[100];
+ char crypted[128];
 
 	if ( vget_assign(domain, Dir, 156, &uid, &gid ) == NULL ) {
 		strcpy(Dir, VPOPMAILDIR);
         }
  
         if ( pass[0] != 0 ) {
-            mkpasswd3(pass,crypted, 100);
+            mkpasswd3(pass,crypted, sizeof(crypted));
         } else {
             crypted[0] = 0;
         }
--- a/vldap.c	2020-02-25 17:49:48.775599000 +0100
+++ b/vldap.c	2020-02-25 17:49:30.139649000 +0100
@@ -490,7 +490,7 @@
     int ret = 0, vd = 0;
     int i,len;
     char *b = NULL;
-    char crypted[100] = { 0 };
+    char crypted[128] = { 0 };
 
 
     if ((dir) && (*dir))
@@ -547,11 +547,11 @@
     lm[0]->mod_values[0] = safe_strdup(user);
 
     /* lm[1] will store : userPassword / pw_password */
-    memset((char *)crypted, 0, 100);
+    memset((char *)crypted, 0, sizeof(crypted));
     if ( password[0] == 0 ) {
         crypted[0] = 0;
     } else {
-        mkpasswd3(password, crypted, 100);
+        mkpasswd3(password, crypted, sizeof(crypted));
     }
 
     lm[1]->mod_values[0] = (char *) safe_malloc(strlen(crypted) + 7 + 1);
--- a/vmoduser.c	2011-02-28 18:00:45.000000000 +0100
+++ b/vmoduser.c	2020-02-25 17:48:02.385359000 +0100
@@ -74,7 +74,7 @@
         if ( Gecos[0] != 0 ) mypw->pw_gecos = Gecos;
         if ( Dir[0] != 0 ) mypw->pw_dir = Dir;
         if ( Passwd[0] != 0 )  {
-            mkpasswd3(Passwd,Crypted, 100);
+            mkpasswd3(Passwd,Crypted, sizeof(Crypted));
             mypw->pw_passwd = Crypted;
 #ifdef CLEAR_PASS
             mypw->pw_clear_passwd = Passwd;
@@ -100,7 +100,7 @@
             if ( Gecos[0] != 0 ) mypw->pw_gecos = Gecos;
             if ( Dir[0] != 0 ) mypw->pw_dir = Dir;
             if ( Passwd[0] != 0 )  {
-                mkpasswd3(Passwd,Crypted, 100);
+                mkpasswd3(Passwd,Crypted, sizeof(Crypted));
                 mypw->pw_passwd = Crypted;
 #ifdef CLEAR_PASS
                 mypw->pw_clear_passwd = Passwd;
--- a/vmysql.c	2020-02-25 17:49:48.779876000 +0100
+++ b/vmysql.c	2020-02-25 17:48:49.386502000 +0100
@@ -376,7 +376,7 @@
  gid_t gid;
  char dirbuf[200];
  char quota[30];
- char Crypted[100];
+ char Crypted[128];
  int err;
     
     if ( (err=vauth_open_update()) != 0 ) return(err);
@@ -410,7 +410,7 @@
     }
 
     if ( pass[0] != 0 ) {
-        mkpasswd3(pass,Crypted, 100);
+        mkpasswd3(pass,Crypted, sizeof(Crypted));
     } else {
         Crypted[0] = 0;
     }
--- a/voracle.pc	2011-02-28 18:00:45.000000000 +0100
+++ b/voracle.pc	2020-02-25 17:48:41.961576000 +0100
@@ -321,7 +321,7 @@
  gid_t gid;
  char dirbuf[200];
  char quota[30];
- char Crypted[100];
+ char Crypted[128];
  int err;
     
     if ( (err=vauth_open_update()) != 0 ) return(err);
@@ -355,7 +355,7 @@
     }
 
     if ( pass[0] != 0 ) {
-        mkpasswd3(pass,Crypted, 100);
+        mkpasswd3(pass,Crypted, sizeof(Crypted));
     } else {
         Crypted[0] = 0;
     }
--- a/vpgsql.c	2020-02-25 17:49:48.782546000 +0100
+++ b/vpgsql.c	2020-02-25 17:48:33.426363000 +0100
@@ -208,7 +208,7 @@
   gid_t gid;
   char dirbuf[200];
   char quota[30];
-  char Crypted[100];
+  char Crypted[128];
   int err;
   PGresult *pgres;
     
@@ -245,7 +245,7 @@
   }
 
   if ( pass[0] != 0 ) {
-    mkpasswd3(pass,Crypted, 100);
+    mkpasswd3(pass,Crypted, sizeof(Crypted));
   } else {
     Crypted[0] = 0;
   }
--- a/vpopmail.c	2020-02-25 17:49:48.784496000 +0100
+++ b/vpopmail.c	2020-02-25 17:34:02.502868000 +0100
@@ -45,7 +45,7 @@
 #include "storage.h"
 
 #ifndef MD5_PASSWORDS
-#define MAX_PW_CLEAR_PASSWD 8
+//#define MAX_PW_CLEAR_PASSWD 8
 #endif
 
 #ifdef VPOPMAIL_DEBUG
@@ -820,7 +820,7 @@
 int mkpasswd3( char *clearpass, char *crypted, int ssize )
 {
  char *tmpstr;
- char salt[12];
+ char salt[21];
  static int seeded = 0;
 
  if (!seeded) {
@@ -842,9 +842,28 @@
   salt[10] = randltr();
   salt[11] = 0;
 #else
-  salt[0] = randltr();
-  salt[1] = randltr();
-  salt[2] = 0;
+  // salt is 16 characters
+  salt[0] = '$';
+  salt[1] = '6';
+  salt[2] = '$';
+  salt[3] = randltr();
+  salt[4] = randltr();
+  salt[5] = randltr();
+  salt[6] = randltr();
+  salt[7] = randltr();
+  salt[8] = randltr();
+  salt[9] = randltr();
+  salt[10] = randltr();
+  salt[11] = randltr();
+  salt[12] = randltr();
+  salt[13] = randltr();
+  salt[14] = randltr();
+  salt[15] = randltr();
+  salt[16] = randltr();
+  salt[17] = randltr();
+  salt[18] = randltr();
+  salt[19] = '$';
+  salt[20] = 0;
 #endif
 
   tmpstr = crypt(clearpass,salt);
--- a/vpopmaild.c	2011-02-28 18:00:45.000000000 +0100
+++ b/vpopmaild.c	2020-02-25 17:38:24.578490000 +0100
@@ -555,7 +555,7 @@
 
 int mod_user()
 {
- char Crypted[64];
+ char Crypted[128];
  char *email_address;
  char *param;
  char *value;