search for: salted

The idea of salted hash algorithms is to generate a different hash even if the same text is entered. That can be easily seen with dovecotpw: using NON-salted SHA256, same hash is generated for a given password [root at correio ~]# dovecotpw -s SHA256 -p 123 {SHA256}pmWkWSBCL51Bfkhn79xPuKBKHz//H6B+mY6G9/eieuM...

Hello all, Thank you in advance for your help with this. I am trying to implement the user authentication method from Ruby Recipes which calls for the use of SHA 2. Here is the code for the password: def password=(pass) salt = [Array.new(6){rand(256).chr}.join].pack("m").chomp self.password_salt, self.password_hash = salt, Digest::SHA256.hexdigest(pass + salt) end I open

On Wed, Jul 20, 2016 at 09:02:57PM -0600, Selphie Keller wrote: > I wonder if could be useful to set the fall back account to something user > defined to avoid suggesting people add passwords to root, though I do like > root since the account is always there, Since committing that diff I've heard of people running in production with no root password (ie *LK*, !! or similar).

On Tue, January 20, 2015 18:37, Les Mikesell wrote: > > There's also saltstack which is one of the newer of the bunch. It has > some chance of working reasonably across different platforms. How > you feel about it will probably depend on how you feel about python in > general - and how you expect upgrades to go in the future. > Is this what you are talking about?

Hello everyone, I'm trying to make dovecot do user authentication against a SQL database. The passwords (managed by Django) are stored as salted SHA1 encoded in hex. I monkey patched Django's password method so that the password hash is made with <password><salt> (Django does <salt><password>, the patched method was verified to return same value as dovecotpw) and the passwords are stored in the database sepa...

Hello all, I have a client with an older Rails 1.8 app (was recently upgraded from 1.6) and I need to integrate a php site to use the same user login creds. I''m not very versed with Ruby but I think this is the code that encrypts the password. [code] # Encrypts some data with the salt. def self.encrypt(password, salt) Digest::SHA1.hexdigest("--#{salt}--#{password}--")

Hey all, I understand that a def self.abc, for example, is a class method, which allows you to call its contents by just referencing model.abc (rather than model.new.abc). However, what is its role when located in a method inside a model like in the code below. Also in the code below, you see :: located in the method. Isn''t that used for modules and namespaces? If so, why is it located

...* This software is released under the MIT license. */ +#include <stdlib.h> + #include "auth-common.h" #include "base64.h" #include "buffer.h" @@ -29,45 +31,22 @@ /* sent: */ const char *server_first_message; - unsigned char salt[16]; - unsigned char salted_password[SHA1_RESULTLEN]; + const char *snonce; /* received: */ const char *gs2_cbind_flag; const char *cnonce; - const char *snonce; const char *client_first_message_bare; const char *client_final_message_without_proof; buffer_t *proof; + + /* stored */ + buffer_t *stored_key; + buff...

...ms, and > also adding support for ARGON2 when you have libsodium available. Straight hashes, without question, are weak. I routinely break NTLM hashes with rainbow tables. I'm *not* arguing against the use of stronger hashes, I'm just skeptical of the FUD surrounding the user of older salted hashes. This is especially true if the hashes are guarded against leakage, as most are. Strong crypt-hashes are an extra layer of protection (defense in depth). This page (if you trust 3rd parties) will report whether a password was ever found in a breached databases. You can also download the...

Hi, I was looking at the crypt(3) manpage, and I'm having a hard time figuring out what the allowed characters are for the salt in md5 and blowfish encryption. For DES, it clearly states that only numbers, letters and digits may be used. Does anyone know the rules for md5/blowfish salt characters? Thanks, Charles -- Charles Sprickman spork@inch.com

Hello, I want decrypt a password which is encrypted by MD5. there are 4 functions which i am using : # Encrypts some data with the salt. def self.encrypt(password, salt) Digest::SHA1.hexdigest("--#{salt}--#{password}--") end # Encrypts the password with the user salt def encrypt(password) self.class.encrypt(password, salt) end def authenticated?(password)

its just a common util that floats around the net. everyones got it or you can go to google and enter mkpasswd.c and turn up lots of hits. or i got this from icecast CVS 1.1 you can cut it into a file, compile and run. note the freshness date :) ---------------------------->snip here, put in .c file, compile<--------- /* simple password generator by Nelson Minar (minar@reed.edu) *

Howdy - For most of my dovecot servers, they are small and I just use unix accounts. However I am going to be running a new server for more general users, webmail (probably roundcube but I'm hacking roundcube quite a bit, enough that I'm calling it squarepeg instead so users familiar with roundcube will know it is quite different) and it will use MariaDB for account management. I

Hi, I am trying to install the salted login generator from rubygems. I have version 0.13.1 of rails installed. When I try to install the salted login generator (gem install salted_login_generator) it asks: Install required dependency rails? If I select yes it says: RubyGem version error: rails(0.11.1 not >= 0.13.1) and fails....

Hi everyone, On Monday, November 14, 2016 the LLVM in HPC workshop will be held in Salt Lake City, Utah (in conjunction with the SC16 conference). For last year's workshop, which was in Austin, we held an LLVM social the evening of the workshop, and I think that turned out really well. If you'll be in Salt Lake City and are interested in attending an LLVM social on the evening of November

I'm trying to configure SSHA512 passwords and when testing discovered that they were not working as expected. At first i was using Centos 6.4 which doesn't have the glibc CRYPT newest functions ($6$salt$pass) so had to rollback to the Dovecot format ({SSHA512.HEX}saltedpassword+salt ) but I'm unable to let dovecot authenticate properly. Some logs and details: Apr 16 02:55:37 auth: Debug: client in: AUTH 1 PLAIN service=imap lip=xxx rip=xxx lport=143 rport=58171 resp=AGRpbm9AYWJjLml0AGRpbm8= Apr 16 02:55:37 auth: Debug: sql(dino...

Hi, we are currently in the progress of switching an HPUX mailserver to linux and dovecot. The only issue so far is, that HPUX has bigcrypt for passwords > 8 chars. Bigcrypt uses standard libc crypt for every block of 8 chars. The linux pam modules have a bigcrypt.c file which can be used for dovecot as well to authenticate crypt and bigcrypt passwords. I have used the pam bigcrypt.c code

Hello, ? I have recently set up a system to test the relatively new ability of Kerberos to track failed password attempts and lock out users for a given period of time if they exceed a threshold.? My system is Centos 6.2 running the krb5-server-1.9-22.el6_2.1.x86_64 RPM.? I have created a testuser in the Kerberos domain, and applied the policy as shown below.? If I then attempt to log on to the

On Thu, Jul 21, 2016 at 12:31 PM, Selphie Keller <selphie.keller at gmail.com> wrote: > Ahh i see, just got up to speed on the issue, so seems like the issue is > related to blowfish being faster then sha family hashing for longer length > passwords, or the system's crypt() not understanding $2a$ -style salts, which most glibcs don't. On those, crypt fails immediately due

Hi, I seem to have a split brain issue, but I cannot figure out where this is and what it is, can someone help me pls, I cant find what to fix here. ========== root at salt-001:~# salt gluster* cmd.run 'df -h' glusterp2.graywitch.co.nz: Filesystem Size Used Avail Use% Mounted on /dev/mapper/centos-root