search for: schneiers

Am 07.02.2015 um 04:47 schrieb Reindl Harald: > > Am 06.02.2015 um 23:13 schrieb SW: >> According to https://cipherli.st/ >>> ssl = yes >>> ssl_cert = </etc/dovecot.cert >>> ssl_key = </etc/dovecot.key >>> ssl_protocols = !SSLv2 !SSLv3 >>> ssl_cipher_list = AES128+EECDH:AES128+EDH >>> ssl_prefer_server_ciphers = yes #

I've been reading on Bruce Schneier's blog about key diffusion and the key schedule in AES 256 being poor. Including this, for use in a geli encrypted provider, what are the pros and cons of selecting AES 128, 192, or 256?

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Dear List: I'm looking for a form of the empty set such that if ES is said representation, ~ ES %in% c(1,2,3) evaluates to TRUE. Thank you in advance for your assistance. Sincerely, Jason Q. McClintic - -- Jason Q McClintic UST MB 1945 2115 Summit Avenue St. Paul, MN 55105 jqmcclintic at stthomas.edu mccl0219 at tc.umn.edu "It is

According to https://cipherli.st/ > ssl = yes > ssl_cert = </etc/dovecot.cert > ssl_key = </etc/dovecot.key > ssl_protocols = !SSLv2 !SSLv3 > ssl_cipher_list = AES128+EECDH:AES128+EDH > ssl_prefer_server_ciphers = yes # >Dovecot 2.2.6 > Is what you want. Ok, so I have changed my ssl_cipher_list to: ssl_cipher_list = AES128+EECDH:AES128+EDH Before I made this change

Hello all, I've a cluster with an oracle database. The shared filesystem is provided from a SAN and there's LVM and ext3 fs. I've experienced some problem. During a normal switch of my cluster remounting FS on second node gave me problem. FS is corrupted. During a normal switch, operations done are: - oracle shutdown abort - oracle listernet shutdown - umount fs (using umount -l )

Hi All, This is a general VPN question; PPTP VPNs seem to be very easy to set up with CentOS as the VPN server and the built-in windose client, but how do list members feel about the security vunerabilities reported with the MS implementation? Specifically the 6 problems reported here : http://www.schneier.com/pptp-faq.html or maybe im being paranoid? Would any of you roll this solution out

Hi, I'm not a crypto expert, so after reading this interview with Bruce Schneier ( http://www.securityfocus.com/columnists/324 ) I'm wondering if OpenSSH has the same problem he talks about, that is one public-key algorithm. Doesn't OpenSSH use RSA, DSA, and DH ? Also, is there any plan to include those new NSA standards based on ECC ?

When my client connects, I see this in my log: dovecot: imap-login: TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits) Whereas, when client connects to my postfix server, I see: Anonymous TLS connection established from * TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits) how can I tell dovecot to use AES256, instead of AES128 ? is this set by ssl_cipher_list ? Here are my current

Hi, From v3.0.0 onwards the hash function implemented by Rsync was changed from MD4 to MD5 (http://rsync.samba.org/ftp/rsync/src/rsync-3.0.0-NEWS). My understanding is that MD5 is a more secure, slower version of MD4 but I am not convinced that the added security of MD5 would alone have merited the change from MD4 (particularly since MD4 is ~30% faster than MD5). I wonder if I am missing other

Greetings, Back in September someone asked about documentation for the new SLA feature in 1.4, however they received no replies. I thought I might ask the same question now in December. Apart from sla.conf.sample and a few comments in app_meetme.c I have been unable to find useful documentation. Is anyone using this feature right now? Is there a helpful source for information this highly

Hello, I work for an organization that uses a Secure Dovecot server for messaging, and recently we've had to undergo some security screenings for PKI compliance (credit card industry standards). However, the screening returned to us a failure due to the following reason (attributed to our Dovecot server, which runs on port 993 and is the only "open" port on our firewall): Synopsis

Does anyone knows which one is the strongest and which is the fastest encryption algorithms used in OpenSSH 3.7.1p2 from the list below aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, arcfour, aes192-cbc, aes256-cbc, rijndael-cbc at lysator.liu.se, aes128-ctr, aes192-ctr, aes256-ctr Strong Encryption OpenSSH supports 3DES, Blowfish, AES and arcfour as encryption algorithms. These are patent

When searching in google I could verify that many examples of used rules in shorewall do not exist to block port scanners external. Example: nmap. Somebody has some rule or example ? thanks.

Dear List: In short, I am writing a number of functions as building blocks for other functions and have some questions about scoping and passing arguments. Suppose I have functions foo1, foo2, and foo3 such that: foo1<-function(a=1,b=TRUE,c=FALSE){#do stuff}; foo2<-function(x=1,y=FALSE,z=c(1,2,3,4)){#do stuff}; foo3<-function(lambda,...){lambda*foo1()*foo2()}; I want to be able to

Hi, I could not find this anywhere else reported, so here we go: creating a new btrfs filesystem (btrfs-progs-unstable from git) and mounting it succeeds, unmounting however fails with the kernel messages attached to this mail. After that, I can still read and write to the btrfs mount, but e.g. /bin/sync never finishes, sysrq-s never reports "Sync complete". I''m using a

Dear FreeBsd gurus, I have a problem concerning users password and authentication policies. The goal is 1)make freebsd to lock users after 3 unsuccessful login attempts, 2)force users to change their passwords every 90 days I've done such changes in Linux distros, with various PAM modules.But in Freebsd it seems that i need to use login.conf file. Here I made necessary changes in that

On Mon Jun 2 23:28:45 2025 Jeffrey Walton <noloader at gmail.com> wrote: > > On Mon, Jun 2, 2025 at 5:34?PM Mark Foley via samba > <samba at lists.samba.org> wrote: [snip] > > 1) Users are set to "change password on next login" or when passwords expire on > > the Windows 11 workstations the users cannot reset their passwords. As sysadmin > > I

Hello list, I'm not sure whether this is bug worthy or just my own insanity. I'm using 6.4p1 packages from Debian jessie and wheezy-backports. I like VisualHostKey, although it may not add any protection (other than not trusting ones own known_hosts file?), I've become accustomed to it as it seems that extra neurons fire when I log into a host and get a visual cue of what looks like

from MD4 to MD5 (http://rsync.samba.org/ftp/rsync/src/rsync-3.0.0-NEWS). My understanding is that MD5 is a more secure, slower version of MD4 but I am not convinced that the added security of MD5 would alone have merited the change from MD4 (particularly since MD4 is ~30% faster than MD5). I wonder if I am missing other reasons which made the change necessary/desirable? I am looking at ways

Is anyone else concerned about the fact that rsync doesn't guarantee to produce identical file copies on the the target machine? Don't get me wrong in sounding critical because I think that rsync is a great example of how software should be written. (I often make the observation, as I learn more about Linux, and inevitably find myself comparing open source applications to Microsoft