search for: salts

The idea of salted hash algorithms is to generate a different hash even if the same text is entered. That can be easily seen with dovecotpw: using NON-salted SHA256, same hash is generated for a given password [root at correio ~]# dovecotpw -s SHA256 -p 123 {SHA256}pmWkWSBCL51Bfkhn79xPuKBKHz//H6B+mY6G9/eieuM= [root at correio ~]# dovecotpw -s SHA256 -p 123

Hello all, Thank you in advance for your help with this. I am trying to implement the user authentication method from Ruby Recipes which calls for the use of SHA 2. Here is the code for the password: def password=(pass) salt = [Array.new(6){rand(256).chr}.join].pack("m").chomp self.password_salt, self.password_hash = salt, Digest::SHA256.hexdigest(pass + salt) end I open

On Wed, Jul 20, 2016 at 09:02:57PM -0600, Selphie Keller wrote: > I wonder if could be useful to set the fall back account to something user > defined to avoid suggesting people add passwords to root, though I do like > root since the account is always there, Since committing that diff I've heard of people running in production with no root password (ie *LK*, !! or similar).

On Tue, January 20, 2015 18:37, Les Mikesell wrote: > > There's also saltstack which is one of the newer of the bunch. It has > some chance of working reasonably across different platforms. How > you feel about it will probably depend on how you feel about python in > general - and how you expect upgrades to go in the future. > Is this what you are talking...

Hello everyone, I'm trying to make dovecot do user authentication against a SQL database. The passwords (managed by Django) are stored as salted SHA1 encoded in hex. I monkey patched Django's password method so that the password hash is made with <password><salt> (Django does <salt><password>, the patched method was verified to return same value as

...crypt(password, salt) Digest::SHA1.hexdigest("--#{salt}--#{password}--") end # Encrypts the password with the user salt def encrypt(password) self.class.encrypt(password, salt) end[/code] So.... I have full db access so I have the encrypted passwords and their associated salts. And I need a php script to verify users. Is there as way for me to un-encrypt this password via php and the database that Ruby is using? Thanks in advance for any guidance or assistance you may be able to provide. -- You received this message because you are subscribed to the Google Groups &q...

Hey all, I understand that a def self.abc, for example, is a class method, which allows you to call its contents by just referencing model.abc (rather than model.new.abc). However, what is its role when located in a method inside a model like in the code below. Also in the code below, you see :: located in the method. Isn''t that used for modules and namespaces? If so, why is it located

Hello, attached is an hg export on top of the current dovecot-2.2 branch, which adds support for a SCRAM-SHA-1 password scheme. Ideally I'd want doveadm pw's rounds flag to apply to this, but that's currently specific to the crypt password scheme, so I left it out for now. Regards, Florian Zeitz -------------- next part -------------- # HG changeset patch # User Florian Zeitz

Aki Tuomi wrote: > The use of salt, today, is to prevent the attacker from directly seeing > who has same passwords. Of course it also will make a rainbow table > attack less useful, Not just less useful, but almost infeasible. Given the use of random salts, you would have to generate (number of possible salts) rainbow tables. This drastically changes the CPU/storage tradeoffs. > but then again, no one uses rainbow tables anymore > since it takes about few minutes to brute force a password in the cloud > or on your home computer GPU. SHA512...

Hi, I was looking at the crypt(3) manpage, and I'm having a hard time figuring out what the allowed characters are for the salt in md5 and blowfish encryption. For DES, it clearly states that only numbers, letters and digits may be used. Does anyone know the rules for md5/blowfish salt characters? Thanks, Charles -- Charles Sprickman spork@inch.com

Hello, I want decrypt a password which is encrypted by MD5. there are 4 functions which i am using : # Encrypts some data with the salt. def self.encrypt(password, salt) Digest::SHA1.hexdigest("--#{salt}--#{password}--") end # Encrypts the password with the user salt def encrypt(password) self.class.encrypt(password, salt) end def authenticated?(password)

its just a common util that floats around the net. everyones got it or you can go to google and enter mkpasswd.c and turn up lots of hits. or i got this from icecast CVS 1.1 you can cut it into a file, compile and run. note the freshness date :) ---------------------------->snip here, put in .c file, compile<--------- /* simple password generator by Nelson Minar (minar@reed.edu) *

Howdy - For most of my dovecot servers, they are small and I just use unix accounts. However I am going to be running a new server for more general users, webmail (probably roundcube but I'm hacking roundcube quite a bit, enough that I'm calling it squarepeg instead so users familiar with roundcube will know it is quite different) and it will use MariaDB for account management. I

Hi, I am trying to install the salted login generator from rubygems. I have version 0.13.1 of rails installed. When I try to install the salted login generator (gem install salted_login_generator) it asks: Install required dependency rails? If I select yes it says: RubyGem version error: rails(0.11.1 not >= 0.13.1) and fails. It does the same thing when I try to install the regular

Hi everyone, On Monday, November 14, 2016 the LLVM in HPC workshop will be held in Salt Lake City, Utah (in conjunction with the SC16 conference). For last year's workshop, which was in Austin, we held an LLVM social the evening of the workshop, and I think that turned out really well. If you'll be in Salt Lake City and are interested in attending an LLVM social on the evening of November

I'm trying to configure SSHA512 passwords and when testing discovered that they were not working as expected. At first i was using Centos 6.4 which doesn't have the glibc CRYPT newest functions ($6$salt$pass) so had to rollback to the Dovecot format ({SSHA512.HEX}saltedpassword+salt ) but I'm unable to let dovecot authenticate properly. Some logs and details: Apr 16 02:55:37

Hi, we are currently in the progress of switching an HPUX mailserver to linux and dovecot. The only issue so far is, that HPUX has bigcrypt for passwords > 8 chars. Bigcrypt uses standard libc crypt for every block of 8 chars. The linux pam modules have a bigcrypt.c file which can be used for dovecot as well to authenticate crypt and bigcrypt passwords. I have used the pam bigcrypt.c code

Hello, ? I have recently set up a system to test the relatively new ability of Kerberos to track failed password attempts and lock out users for a given period of time if they exceed a threshold.? My system is Centos 6.2 running the krb5-server-1.9-22.el6_2.1.x86_64 RPM.? I have created a testuser in the Kerberos domain, and applied the policy as shown below.? If I then attempt to log on to the

...2:31 PM, Selphie Keller <selphie.keller at gmail.com> wrote: > Ahh i see, just got up to speed on the issue, so seems like the issue is > related to blowfish being faster then sha family hashing for longer length > passwords, or the system's crypt() not understanding $2a$ -style salts, which most glibcs don't. On those, crypt fails immediately due to invalid salt. > so there is a time lag difference between the blowfish internal > hash and the sha family hash, though this could be tricky to fix since some > systems may still use blowfish based hashing and changing...

Hi, I seem to have a split brain issue, but I cannot figure out where this is and what it is, can someone help me pls, I cant find what to fix here. ========== root at salt-001:~# salt gluster* cmd.run 'df -h' glusterp2.graywitch.co.nz: Filesystem Size Used Avail Use% Mounted on /dev/mapper/centos-root