search for: va1der

Hello, There is a disconnect between the way Postfix handles recipient_delimiter and the way Dovecot handles it. For Postfix, it is a set of delimiters that can each individually be used to separate the address from the . In Dovecot, having multiple characters in recipient_delimiters simply makes it a multi-character single delimiter. For my purposes, the Postfix method is much more

Hi all, Is there a way to get dovecot to recognize arbitrary password hash schemes when looking up a password in a database? I originally set up with #default_pass_scheme = MD5, and I would like to migrate to SHA512. Seeing as the scheme is actually stored in the password column along with the password in the format $_<scheme#>_$_<salt>_$_<passwordhash>_, it seems to me that

I am having a terrible time getting an iPhone to connect to my stream. I am trying to connect through just a normal web browser (Safari) to my icecast 2.4.4 server. When I connect to the web page, the iphone doesn't see the <audio> tag on the stream. I think safari doesn't recognize application/ogg as a mime type, which is what icecast 2.4.4's web server puts on it. When I

My opinion is that security by RFC is not security, it's mommy medicine. Standards have had a terrible time keeping up with security realities. NITS's curves leak side channel information all over the place. I don't have details on what implementations are set to calculate the NIST curves in constant time, and that's not an easy feat to do anyway so I don't want to depend

Hello all, I have recently had cause to dig a little into the specifics of how diffie-hellman-group-exchange-sha256 group sizes work. The belief in the wild, perpetuated by multiple sources of logjam mediation papers and also Andras Stribnik's very influential piece "Secure Secure Shell", is that server operators can force the use of a minimum group size by removing moduli

I am interested in configuring Dovecot's TLS so as to retain forward secrecy, but eliminate all of NIST's elliptic curves. Besides being subject to side channel attacks [1], in some quarters there is a general distrust of NIST's curves and any of their other cryptographic primitives after the Dual EC DRBG debacle. >From what I can tell, the following will prevent the use of