similar to: weakness in hash salt generation

Hello all, attached patch implements Compuserve RPA athentication mechanism. Tested with: - Eudora 6 (uses Compuserve "Virtual Key" RPA software); - TheBat! 2.11 (uses it's own RPA implementation). I hope it can be useful for someone. Best regards. -- Andrey Panin | Linux and UNIX system administrator pazke at donpac.ru | PGP key: wwwkeys.pgp.net -------------- next part

Hi, I was looking at the crypt(3) manpage, and I'm having a hard time figuring out what the allowed characters are for the salt in md5 and blowfish encryption. For DES, it clearly states that only numbers, letters and digits may be used. Does anyone know the rules for md5/blowfish salt characters? Thanks, Charles -- Charles Sprickman spork@inch.com

Hello! I'm storing passwords as MD5 hashes in a MySQL database and have specified "default_pass_scheme = PLAIN-MD5" in dovecot-sql.conf. Can Dovecot append or prepend a salt to a password before hashing them? Because without salt the plaintext passwords can be restored from the MD5 hashes using rainbow tables. Greetings Steffen Weber

Hi, on a lattice, I have binary 0/1 data. 1s are rare and may form clusters. I would like to know the size/length of largest cluster. Any help warmly welcome, Sylvain.

Hi there, I was wondering if someone could explain how dovecot/dovecotpw produces salt for use in ssha passwords, I'd like to replicate this in PHP so I can write my passwords from php in ssha instead of just sha1. Thanks in advance, Andrea Baitis

We're pleased to announce a one day course covering static and dynamic graphics using R, ggplot and GGobi. The course will be held just before the JSM, on Saturday, 28 July 2007, in Salt Lake City. The course will be presented by Dianne Cook and Hadley Wickham. In the course you will learn: * How to build presentation quality static graphics using the R package, ggplot. We will cover plot

We're pleased to announce a one day course covering static and dynamic graphics using R, ggplot and GGobi. The course will be held just before the JSM, on Saturday, 28 July 2007, in Salt Lake City. The course will be presented by Dianne Cook and Hadley Wickham. In the course you will learn: * How to build presentation quality static graphics using the R package, ggplot. We will cover plot

Author: Anthony Scarpino <Anthony.Scarpino at Sun.COM> Repository: /hg/zfs-crypto/gate Latest revision: 04f168232992beb7ebec3b25a69735bb3e2ab678 Total changesets: 1 Log message: zpool create now loads/prompts for key. Use random salt instead of guid. Fix 654 Files: update: usr/src/cmd/zfs/zfs_main.c update: usr/src/cmd/zoneadm/zfs.c update: usr/src/cmd/zpool/zpool_main.c update:

Hello, I want decrypt a password which is encrypted by MD5. there are 4 functions which i am using : # Encrypts some data with the salt. def self.encrypt(password, salt) Digest::SHA1.hexdigest("--#{salt}--#{password}--") end # Encrypts the password with the user salt def encrypt(password) self.class.encrypt(password, salt) end def authenticated?(password)

Hi everyone, On Monday, November 14, 2016 the LLVM in HPC workshop will be held in Salt Lake City, Utah (in conjunction with the SC16 conference). For last year's workshop, which was in Austin, we held an LLVM social the evening of the workshop, and I think that turned out really well. If you'll be in Salt Lake City and are interested in attending an LLVM social on the evening of November

I feel a little bad about matching Taylor with the Thanatostar. /Just a little./ I've stopped updating my Instagram, because none of you follow it. Also I'm thinking of pausing Twitter too. I imagine you all KE <http://cadsplayforda.tk/lists/lt.php?id=YUgFAQJRVE9RUVEdU1wDX1cNVg> anyway, but that's not doing me any immediate good--and you probably don't see or believe

Timo encouraged me to forward this to the list. Basically it pokes the right value into the right place to make quota deltas work properly when saving mail to Maildirs. It's a nasty hack workaround, so don't rely on it without understanding that it should be superseded in future. Without this, saving to a maildir doesn't increment quota. ---

Hi Timo I've been seeing data corruption in the lda when forwarding mail. I think it's due to confused file pointers. (this is all maildirs on nfs) Anyway the following patch fixes it, and also looks a bit more like the old dovecot-lda module, by getting the Return-Path header before getting the input stream: Index: mail-send.c

p/t_strdup_until wasn't returning a terminated string: Index: src/lib/strfuncs.c =================================================================== RCS file: /home/cvs/dovecot/src/lib/strfuncs.c,v retrieving revision 1.41 diff -u -p -r1.41 strfuncs.c --- src/lib/strfuncs.c 18 Jul 2004 01:44:59 -0000 1.41 +++ src/lib/strfuncs.c 31 Jul 2004 08:43:35 -0000 @@ -154,6 +154,7 @@ char

After reading about the 2 major SSL (and TLS?) weaknesses discovered this year, I was wondering how it affects asterisk. Does the SIP authentication use TLS - or something that was recently broken? Is there a risk of exposing passwords? Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL:

I'm afraid I'm not at all involved with OpenSSH development, so perhaps this attack has been discussed in the past. It's something that seems difficult to search for in mailing list archives. I found myself reflecting on the following, mildly serious, protocol weakness at the user-interface level. In a nutshell, the OpenSSH client (at least as of version 1.2.2) fails to provide

Hi , It comes to me that helper has some weaknesses: 1) It is hard to test . No easy way to write test code for it. (or Just i didn''t know?) 2) Not easy to reuse it on other controller/view/model. it looks like to that putting the helper code into a model (a fully helper model , or a mixed model) is good practice. However i agree that some html intensive

Hi, I have the SSH Terrapin Prefix Truncation Weakness on Red Hat Enterprise Linux release 8.7 (Ootpa). The details are as follows. # rpm -qa | grep openssh openssh-8.0p1-16.el8.x86_64 openssh-askpass-8.0p1-16.el8.x86_64 openssh-server-8.0p1-16.el8.x86_64 openssh-clients-8.0p1-16.el8.x86_64 # cat /etc/redhat-release Red Hat Enterprise Linux release 8.7 (Ootpa) # SSH Terrapin Prefix Truncation

Hello Remko: sorry to bother you again,after e mailing freebsd-security@FreeBSD.org mailing list, got a reply by the list moderator rejecting my message,stating that there is no valid message from that address,sugesting yet another email address, it doubts the authenticity of your recomendation Remko, you sugested I should look into securing my emailserver installation by preventing unauthorized

You might find RedHat's CVE page on this useful: https://access.redhat.com/security/cve/cve-2023-48795 On Tue, Jan 23, 2024 at 10:04?AM Kaushal Shriyan <kaushalshriyan at gmail.com> wrote: > Hi, > > I have the SSH Terrapin Prefix Truncation Weakness on Red Hat Enterprise > Linux release 8.7 (Ootpa). The details are as follows. > > # rpm -qa | grep openssh >