search for: salt

The idea of salted hash algorithms is to generate a different hash even if the same text is entered. That can be easily seen with dovecotpw: using NON-salted SHA256, same hash is generated for a given password [root at correio ~]# dovecotpw -s SHA256 -p 123 {SHA256}pmWkWSBCL51Bfkhn79xPuKBKHz//H6B+mY6G9/eie...

Hello all, Thank you in advance for your help with this. I am trying to implement the user authentication method from Ruby Recipes which calls for the use of SHA 2. Here is the code for the password: def password=(pass) salt = [Array.new(6){rand(256).chr}.join].pack("m").chomp self.password_salt, self.password_hash = salt, Digest::SHA256.hexdigest(pass + salt) end I open a console and can create a user but when I try to add a password it says that the constant 256 is not initialized. I have changed t...

...people add passwords to root, though I do like > root since the account is always there, Since committing that diff I've heard of people running in production with no root password (ie *LK*, !! or similar). It's about the same amount of code to search for the first account with a valid salt, which would avoid this problem in the case where the root account doesn't have a real password. djm: what do you think? diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c index 8913bb8..5385243 100644 --- a/openbsd-compat/xcrypt.c +++ b/openbsd-compat/xcrypt.c @@ -78,14 +78,18 @@...

On Tue, January 20, 2015 18:37, Les Mikesell wrote: > > There's also saltstack which is one of the newer of the bunch. It has > some chance of working reasonably across different platforms. How > you feel about it will probably depend on how you feel about python in > general - and how you expect upgrades to go in the future. > Is this what you are talkin...

Hello everyone, I'm trying to make dovecot do user authentication against a SQL database. The passwords (managed by Django) are stored as salted SHA1 encoded in hex. I monkey patched Django's password method so that the password hash is made with <password><salt> (Django does <salt><password>, the patched method was verified to return same value as dovecotpw) and the passwords are stored in the database se...

Hello all, I have a client with an older Rails 1.8 app (was recently upgraded from 1.6) and I need to integrate a php site to use the same user login creds. I''m not very versed with Ruby but I think this is the code that encrypts the password. [code] # Encrypts some data with the salt. def self.encrypt(password, salt) Digest::SHA1.hexdigest("--#{salt}--#{password}--") end # Encrypts the password with the user salt def encrypt(password) self.class.encrypt(password, salt) end[/code] So.... I have full db access so I have the encrypted passwords and th...

...ke in the code below. Also in the code below, you see :: located in the method. Isn''t that used for modules and namespaces? If so, why is it located in the method here. These two things are preventing me from comprehending the below code: def hash_new_password # First reset the salt to a new random string. You could choose a # longer string here but for a salt, 8 bytes of randomness is probably # fine. Note this uses SecureRandom which will use your platform''s secure # random number generator. self.salt = ActiveSupport::SecureRandom.base64(8)...

...babelmonkeys.de> * * This software is released under the MIT license. */ +#include <stdlib.h> + #include "auth-common.h" #include "base64.h" #include "buffer.h" @@ -29,45 +31,22 @@ /* sent: */ const char *server_first_message; - unsigned char salt[16]; - unsigned char salted_password[SHA1_RESULTLEN]; + const char *snonce; /* received: */ const char *gs2_cbind_flag; const char *cnonce; - const char *snonce; const char *client_first_message_bare; const char *client_final_message_without_proof; buffer_t *proof; + + /* stored */ +...

Aki Tuomi wrote: > The use of salt, today, is to prevent the attacker from directly seeing > who has same passwords. Of course it also will make a rainbow table > attack less useful, Not just less useful, but almost infeasible. Given the use of random salts, you would have to generate (number of possible salts) rainbow table...

Hi, I was looking at the crypt(3) manpage, and I'm having a hard time figuring out what the allowed characters are for the salt in md5 and blowfish encryption. For DES, it clearly states that only numbers, letters and digits may be used. Does anyone know the rules for md5/blowfish salt characters? Thanks, Charles -- Charles Sprickman spork@inch.com

Hello, I want decrypt a password which is encrypted by MD5. there are 4 functions which i am using : # Encrypts some data with the salt. def self.encrypt(password, salt) Digest::SHA1.hexdigest("--#{salt}--#{password}--") end # Encrypts the password with the user salt def encrypt(password) self.class.encrypt(password, salt) end def authenticated?(password) crypted_password = encrypt(password) en...

...s with it. */ #include <stdio.h> #include <stdlib.h> #include <string.h> #ifndef lint static char rcsid[] = "@(#)$Id: mkpasswd.c,v 1.1.1.1 1999/03/05 22:40:55 barath Exp $"; #endif extern char *getpass(); int main(argc, argv) int argc; char *argv[]; { static char saltChars[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./"; char salt[3]; char * plaintext; int i; if (argc < 2) { srandom(time(0)); /* may not be the BEST salt, but its close */ salt[0] = saltChars[random() % 64]; salt[1] = saltChars[random() % 6...

...nt. I already have it working, following the instructions at https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql-on-centos-5/ - those instructions also work in CentOS 7 with the latest Dovecot - but there is something that really bothers me. It makes no provision for salting the password before the crypt function. What I would like to do is when creating a new account, use /dev/urandom to generate a random salt for the account that is stuck in the database along with the account and used when validating the password. That way in the event of a SQL injection atta...

Hi, I am trying to install the salted login generator from rubygems. I have version 0.13.1 of rails installed. When I try to install the salted login generator (gem install salted_login_generator) it asks: Install required dependency rails? If I select yes it says: RubyGem version error: rails(0.11.1 not >= 0.13.1) and fails...

Hi everyone, On Monday, November 14, 2016 the LLVM in HPC workshop will be held in Salt Lake City, Utah (in conjunction with the SC16 conference). For last year's workshop, which was in Austin, we held an LLVM social the evening of the workshop, and I think that turned out really well. If you'll be in Salt Lake City and are interested in attending an LLVM social on the evening...

I'm trying to configure SSHA512 passwords and when testing discovered that they were not working as expected. At first i was using Centos 6.4 which doesn't have the glibc CRYPT newest functions ($6$salt$pass) so had to rollback to the Dovecot format ({SSHA512.HEX}saltedpassword+salt ) but I'm unable to let dovecot authenticate properly. Some logs and details: Apr 16 02:55:37 auth: Debug: client in: AUTH 1 PLAIN service=imap lip=xxx rip=xxx lport=143 rport=58171...

...ode is based on published + * interfaces and reasonable guesswork. + * + * Description: The cleartext is divided into blocks of SEGMENT_SIZE=8 + * characters or less. Each block is encrypted using the standard UNIX + * libc crypt function. The result of the encryption for one block + * provides the salt for the suceeding block. + * + * Restrictions: The buffer used to hold the encrypted result is + * statically allocated. (see MAX_PASS_LEN below). This is necessary, + * as the returned pointer points to "static data that are overwritten + * by each call", (XPG3: XSI System Interface + H...

...ticket life: 0 days 10:00:00 Maximum renewable life: 0 days 20:00:00 Last modified: Fri Mar 16 14:29:33 EDT 2012 (root/admin at TESTKDC) Last successful authentication: [never] Last failed authentication: [never] Failed password attempts: 0 Number of keys: 6 Key: vno 1, aes256-cts-hmac-sha1-96, no salt Key: vno 1, aes128-cts-hmac-sha1-96, no salt Key: vno 1, des3-cbc-sha1, no salt Key: vno 1, arcfour-hmac, no salt Key: vno 1, des-hmac-sha1, no salt Key: vno 1, des-cbc-md5, no salt MKey: vno 1 Attributes: Policy: NewUser [root at hpctest-krb2 ~]# kinit testuser Password for testuser at TESTKDC: ki...

...2:31 PM, Selphie Keller <selphie.keller at gmail.com> wrote: > Ahh i see, just got up to speed on the issue, so seems like the issue is > related to blowfish being faster then sha family hashing for longer length > passwords, or the system's crypt() not understanding $2a$ -style salts, which most glibcs don't. On those, crypt fails immediately due to invalid salt. > so there is a time lag difference between the blowfish internal > hash and the sha family hash, though this could be tricky to fix since some > systems may still use blowfish based hashing and changin...

Hi, I seem to have a split brain issue, but I cannot figure out where this is and what it is, can someone help me pls, I cant find what to fix here. ========== root at salt-001:~# salt gluster* cmd.run 'df -h' glusterp2.graywitch.co.nz: Filesystem Size Used Avail Use% Mounted on /dev/mapper/centos-root 19G 3.4G 16G 19% / devtmpfs...