diff -ur passwd-2.2.1/config/backends.php.dist passwd/config/backends.php.dist
--- passwd-2.2.1/config/backends.php.dist 2004-06-30 00:41:27.000000000 -0400
+++ passwd/config/backends.php.dist 2004-06-30 01:02:27.000000000 -0400
@@ -40,12 +40,14 @@
 * supported by passwd
 *
 * 1) plain
- * 2) crypt
- * 3) md5-hex
- * 4) md5-base64
- * 5) smd5
- * 6) sha
- * 7) ssha
+ * 2) crypt or crypt-des
+ * 3) crypt-md5
+ * 4) crypt-blowfish
+ * 5) md5-hex
+ * 6) md5-base64
+ * 7) smd5
+ * 8) sha
+ * 9) ssha
 *
 * Currently, md5-base64, smd5, sha, and ssha require the mhash php
 * library in order to work properly. See the INSTALL file for
@@ -190,7 +192,7 @@
 // 'socket' => '/tmp/mysql.sock',
 'username' => '',
 'password' => '',
- 'encryption' => 'crypt',
+ 'encryption' => 'crypt-md5',
 'database' => 'vpopmail',
 'table' => 'vpopmail',
 'name' => 'pw_name',
diff -ur passwd-2.2.1/lib/Driver.php passwd/lib/Driver.php
--- passwd-2.2.1/lib/Driver.php 2003-02-15 16:16:26.000000000 -0400
+++ passwd/lib/Driver.php 2004-06-30 00:59:32.000000000 -0400
@@ -104,8 +104,22 @@
 }
 break;
 case 'crypt':
- $encrypted = substr($encrypted, 7);
- $salt = substr($encrypted , 0, 2);
+ case 'crypt-des':
+ $encrypted = preg_replace('|^{crypt}|', '', $encrypted);
+ $salt = substr($encrypted, 0, 2);
+ if ($encrypted == crypt($plaintext, $salt)) {
+ return true;
+ }
+ break;
+ case 'crypt-md5':
+ $encrypted = preg_replace('|^{crypt}|', '', $encrypted);
+ $salt = substr($encrypted, 0, 12);
+ if ($encrypted == crypt($plaintext, $salt)) {
+ return true;
+ }
+ case 'crypt-blowfish':
+ $encrypted = preg_replace('|^{crypt}|', '', $encrypted);
+ $salt = substr($encrypted, 0, 16);
 if ($encrypted == crypt($plaintext, $salt)) {
 return true;
 }
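Review bot: The new `case 'crypt-md5':` branch ends without a `break;`, so a failed MD5-crypt comparison falls through into `case 'crypt-blowfish':` and is checked again with a 16-character salt prefix; add `break;` after its closing `}`. All three branches compare the stored hash with `==`, which uses PHP's loose string comparison and is not constant-time; `===` avoids the type juggling, and on PHP 5.6+ `hash_equals($encrypted, crypt($plaintext, $salt))` is the safer form. Passing the whole stored hash as the salt, `crypt($plaintext, $encrypted)`, would also remove the hard-coded 2/12/16 prefix lengths, which only fit salts of exactly the shape this driver generates. The switch starts and ends outside the hunk, so the `break` that closes the blowfish branch is presumably the one that followed the old `crypt` case.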
@@ -113,14 +127,14 @@
 case 'sha':
 $encrypted = substr($encrypted, 5);
 if ($encrypted == base64_encode(mHash(MHASH_SHA1, $plaintext)))
-{
+ {
 return true;
 }
 break;
 case 'ssha':
 $encrypted = substr($encrypted, 6);
 $hash = base64_decode($encrypted);
- $salt = substr($hash, 20);
+ $salt = substr($hash, 20);
 if ($hash == mHash(MHASH_SHA1, $plaintext . $salt)) {
 return true;
 }
@@ -156,9 +170,18 @@
 case "sha":
 $newPassword = "{SHA}" . base64_encode(mHash(MHASH_SHA1, $newPassword));
 break;
- case "crypt":
- // The salt is left out, generated by php
- $newPassword = "{crypt}" . crypt($newPassword);
+ case 'crypt':
+ case 'crypt-des':
+ $salt = substr(md5(mt_rand()), 0, 2);
+ $newPassword = crypt($newPassword, $salt);
+ break;
+ case 'crypt-md5':
+ $salt = '$1$' . substr(md5(mt_rand()), 0, 8) . '$';
+ $newPassword = crypt($newPassword, $salt);
+ break;
+ case 'crypt-blowfish':
+ $salt = '$2$' . substr(md5(mt_rand()), 0, 12) . '$';
+ $newPassword = crypt($newPassword, $salt);
 break;
 case "md5-hex":
 $newPassword = md5($newPassword);
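Review bot: The `crypt-blowfish` salt built in the last hunk, `'$2$'` plus 12 hex characters and `'$'`, does not match the Blowfish format that PHP's crypt() documents (`$2a$` or `$2y$`, a two-digit cost, `$`, then 22 characters from `./0-9A-Za-z`), so depending on the PHP and libc version the call may fall back to DES or return a failure marker instead of a bcrypt hash. All three branches derive the salt from `md5(mt_rand())`, which is not a cryptographic generator and restricts the alphabet to hex, leaving the DES branch with 256 possible salts instead of 4096; a CSPRNG source such as `random_bytes()` on PHP 7+ is preferable. The removed branch stored `"{crypt}" . crypt(...)` while the new ones store the bare hash, unlike the `{SHA}` case just above, so any backend that relies on the scheme prefix would see a behaviour change; either keep the prefix or add a comment saying why it was dropped. The switch continues outside the hunk.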