search for: crypt

Displaying 20 results from an estimated 1859 matches for "crypt".

Did you mean: crypto
2016 Jun 06
2
Blowfish hashed passwords
>> Maybe, Dovecot could just add support for BLF-CRYPT by using the open source implementation of Blowfish hashing found in https://github.com/php/php-src/tree/master/ext/standard <https://github.com/php/php-src/tree/master/ext/standard>. The implementation looks like a single function to generate the hash. I?m not much of a programmer, but it wo...
2016 Jun 05
2
Blowfish hashed passwords
> I would love to know why your ubuntu 14.04 system doesn't support sha512-crypt. I just tried SHA512-CRYPT and it is supported on Ubuntu 14.04. I think I was thinking about DBMail instead of Dovecot. I could really use support for BLF-CRYPT since my current password hashes generated by PHP are using Blowfish encryption. Maybe, Dovecot could just add support for BLF-CRYPT by...
2016 Jun 03
3
Blowfish hashed passwords
(I subscribed to a daily digest for this list and can?t figure out how to reply to a reply.) Anyway, Aki Tuomi replied to my feature request saying: > We support in latest 2.2 release > > MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN > CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5 > PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA CRYPT SHA256-CRYPT > SHA512-CRYPT > > There is also blowfish support as BLF-CRYPT, but that requir...
2016 Jun 06
2
Blowfish hashed passwords
> Changing your php app will probably be the easiest solution. Since I?m using Docker, the easiest solution for me is to find a linux distro that can run Dovecot well and supports BLF-CRYPT as well. What Linux distros support BLF-CRYPT and are well tested and secure? > On Jun 5, 2016, at 8:54 PM, Edgar Pettijohn <edgar at pettijohn-web.com> wrote: > > On 16-06-05 20:36:35, KT Walrus wrote: >>>> Maybe, Dovecot could just add support for BLF-CRYPT by using...
2018 Jan 23
1
[PATCH] customize: Use libxcrypt if available to provide crypt(3).
glibc 2.27 removes crypt(3) and suggests using libxcrypt. libxcrypt requires <crypt.h> to be included. --- customize/Makefile.am | 1 + customize/crypt-c.c | 4 ++++ m4/guestfs-misc-libraries.m4 | 27 +++++++++++++++++++-------- 3 files changed, 24 insertions(+), 8 deletions(-) diff --git a/custom...
2015 May 01
1
Fatal: Unknown scheme: SHA512-CRYPT. On a Mac-mini
Running postfix+dovecot+mysql on a mac-mini, and trying to solve this puzzle. Is this a Mac issue?, a MySQL issue? or something I haven't configured in? You can see from the output of the samples shows in the first case, that SHA512-CRYPT seems to be Unknown. The code I used is from a Linux based tutorial on setting up Postfix+Dovecot+MySQL on a site. Everything is generally going ok, apart from this bit. There are some others unknown as well. The codes used to create my database of passwords follows these output examples. Ma...
2016 Apr 29
3
Changing Password Schemes
That's not SHA512-CRYPT. That's just a simple sha512 of the password, without salt. A SHA512-CRYPT password will be generated with: printf "1234\n1234" | doveadm pw -s SHA512-CRYPT or: doveadm pw -s SHA512-CRYPT -p 1234 or: mkpasswd -m sha-512 1234 (without the "{SHA512-CRYPT}" prefix) What...
2018 Jan 29
1
[PATCH] customize: Correctly handle crypt(3) returning NULL.
In particular glibc's crypt will return NULL / errno == ENOSYS and other implementations might do that in future too. --- customize/crypt-c.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/customize/crypt-c.c b/customize/crypt-c.c index d5425cfaa..e358018cd 100644 --- a/customize/crypt-c.c +++ b/customize/crypt-c.c...
2008 Jun 06
1
Need help with Decryption using blowfish CBC
Hello all, Hoping someone can help me out here. I''ve burned almost a week trying to figure out how to decrypt an image file that has been encrypted using Blowfish CBC. I found some code on the net and have modified as follows: require ''openssl'' require ''digest/sha1'' ivArr = [0x0D, 0x0E, 0x0A, 0x0D, 0x0F, 0x0A, 0x0C, 0x0E ] iv = ivArr.pack(&qu...
2019 Mar 06
2
Strange behaviour with BLF-CRYPT and SHA*-CRYPT pasword schemas
Greetings, this is less of a bug report or a help request, but we would like to know if someone can explain the following: Environment: Centos 7 with Dovecot 2.3.4-2 default_pass_scheme = BLF-CRYPT password hash in database : BLF-CRYPT login = works default_pass_scheme = SHA512 or SHA256-CRYPT password hash in database : BLF-CRYPT login = also works default_pass_scheme = BLF-CRYPT password hash in database : SHA512-CRYPT login = does not work Can someone explain these discrepancies? -- K...
2017 Apr 29
2
most secure password scheme
Hello, I have a few questions on password schemes. Is SHA512 the most secure? Is there a difference between SHA512 and SHA512-CRYPT? What about SSHA512 and SSH512-CRYPT? Is there a problem with this sql statement: UPDATE virtual_users SET password=CONCAT(?{SHA256-CRYPT}?, ENCRYPT (?Password Goes Here?, CONCAT(?$5$?, SUBSTRING(SHA(RAND()), -16)))) WHERE user=?user at example.com?; I'm getting an error 1064 at the ending e...
2019 Mar 07
2
Strange behaviour with BLF-CRYPT and SHA*-CRYPT pasword schemas
> You could configure default scheme as CRYPT. It covers these all. Otherwise > you need to make sure passwords have {SCHEME} prefix when it differs from > default or oddities occur. --- Thank you for the tip with CRYPT. Is there any explanation for this behaviour though? Why are BCRYPT hashes accepted when default_pass_scheme is set...
2019 Feb 11
4
time --verbose not working
I can't seem to get the verbose mode of time working.? I am trying to compare the compute cost of sha256-crypt to sha512-crypt: time doveadm pw -s sha256-crypt -p secret real??? 0m0.128s user??? 0m0.081s sys???? 0m0.040s time doveadm pw -s sha512-crypt -p secret real??? 0m0.162s user??? 0m0.105s sys???? 0m0.047s But all attempts to add --verbose fail: time --verbose doveadm pw -s sha512-crypt -p secre...
2018 Dec 06
3
argonid and dovecote
on a FreeBSD 11.2 amd64 machine, I am trying to get Dovecot 2.3.4 to play nice with "argonid" encryption. In the "10-auth.conf" file, I tried: auth_mechanisms = plain argon2id Upon restarting dovecot, I received an error message when attempting to actually it: auth: FATAL: Unknown authentication mechanism "ARGON2ID" Output from doveadm pw -l doveadm pw -l SHA1 SSHA512 BLF-...
2013 Mar 11
2
doveadm password check
Hi, I want to write some php code that users can change there dovecot password via a roundcube plugin. I'm using php function crypt(...) to generate the hashes and everything works well so far. I'm using doveadm pw to generate testhashes e.g.: srv:~ # doveadm pw -r 5 -s BLF-CRYPT -p abc {BLF-CRYPT}$2a$05$W82/Vw4ZEcHBC00M8cNwe.g8fOHuAeV7L5Q/q4W6VWl9V5kjoiz8y I expected an "ok" when using -t the hash when enter...
2008 Dec 28
2
Bug in Dovecot 1.0.5 - CRYPT-MD5 not working
Problem: Using MySQL storage for the user and password db with MD5-CRYPT hashes, Dovecot fails to successfully authenticate when the MD5-CRYPT or MD5 settings are specified as default_pass_scheme in dovecot-mysql.conf. Dovecot /does/ successfully authenticate against MD5-CRYPT hashes when default_pass_scheme is set to CRYPT, which according to the docs should be D...
2010 May 07
1
CRYPT scheme and 8 character limit
I've decided that having users supply cleartext passwords for me to encrypt and encode is a bad idea, anyway. So maybe I won't need dovecotpw. The idea is that users supply an already-encrypted password. Most of the users can fetch their login password from /etc/shadow on their own computer. Wiki page http://wiki.dovecot.org/Authentication/PasswordSchemes indicates...
2017 Apr 30
2
most secure password scheme
Hello, Thanks for the explanation. So should I go with SSHA512 or SHA512-CRYPT? From your explanation i'm interpreting to mean that SHA512-CRYPT also salts. This is for storing in a mysql database. Also, what should the password field length and type be set for? Currently it's varchar(128) Thanks. Dave. On 4/29/17, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: &...
2019 Mar 07
0
Strange behaviour with BLF-CRYPT and SHA*-CRYPT pasword schemas
On 7.3.2019 14.00, Kristijan Savic - ratiokontakt GmbH wrote: >> You could configure default scheme as CRYPT. It covers these all. Otherwise >> you need to make sure passwords have {SCHEME} prefix when it differs from >> default or oddities occur. --- > Thank you for the tip with CRYPT. > > Is there any explanation for this behaviour though? > > Why are BCRYPT hashes accepted wh...
2013 Dec 25
1
SHA512-CRYPT scheme fails password verification
Hello, If I try to use the crypt schemes provided by libc. I fail as follows: jnikula at jlaptop:~/$ doveadm pw -s SHA512-CRYPT -p 123456 {SHA512-CRYPT}$6$to2umWLDtqvzS8SV$ZGpBeGNKuUN/2HKG6I2BEAt.Gzrz/y.SZDkos2GT2ik8obnp3XCFWfVsKVriJa6jjHULmLIqCSSyaF5YrTH7u. jnikula at jlaptop:~/$ doveadm pw -t {SHA512-CRYPT}$6$to2umWLDtqvzS8SV$Z...