similar to: sha-512 ... shadow blended with database

Hello, Thanks for the explanation. So should I go with SSHA512 or SHA512-CRYPT? From your explanation i'm interpreting to mean that SHA512-CRYPT also salts. This is for storing in a mysql database. Also, what should the password field length and type be set for? Currently it's varchar(128) Thanks. Dave. On 4/29/17, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > >> On April

Hello, I have a few questions on password schemes. Is SHA512 the most secure? Is there a difference between SHA512 and SHA512-CRYPT? What about SSHA512 and SSH512-CRYPT? Is there a problem with this sql statement: UPDATE virtual_users SET password=CONCAT(?{SHA256-CRYPT}?, ENCRYPT (?Password Goes Here?, CONCAT(?$5$?, SUBSTRING(SHA(RAND()), -16)))) WHERE user=?user at example.com?; I'm

The idea of salted hash algorithms is to generate a different hash even if the same text is entered. That can be easily seen with dovecotpw: using NON-salted SHA256, same hash is generated for a given password [root at correio ~]# dovecotpw -s SHA256 -p 123 {SHA256}pmWkWSBCL51Bfkhn79xPuKBKHz//H6B+mY6G9/eieuM= [root at correio ~]# dovecotpw -s SHA256 -p 123

Hello Stephan, Thanks for the link about SCRAM-SHA-256, good news for this point, hope a merge soon :) I am from this page: https://wiki.dovecot.org/Authentication/PasswordSchemes ^^ The -PLUS variant for all SCRAM is not possible too for have (with other SCRAM): SCRAM-SHA-1(-PLUS), SCRAM-SHA-224(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-384(-PLUS), SCRAM-SHA-512(-PLUS) Some softwares use

Hello all, I would like to know if it is possible to add SCRAM-SHA-256 and SCRAM-SHA-512 supports? RFC7677: SCRAM-SHA-256 and SCRAM-SHA-256-PLUS: Simple Authentication and Security Layer (SASL) Mechanisms https://tools.ietf.org/html/rfc7677 Thanks in advance. Regards, Neustradamus -------------- next part -------------- An HTML attachment was scrubbed... URL:

Dear all, I send you a new email to know what is the progress of SCRAM-SHA-***(-PLUS) supports? Currently there is only SCRAM-SHA-1: https://doc.dovecot.org/configuration_manual/authentication/password_schemes/. - RFC6331: Moving DIGEST-MD5 to Historic: https://tools.ietf.org/html/rfc6331 - RFC5802: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms:

Hello. I'm switching from b1gmail to my own setup which consists of Postfix+Dovecot+MySQL (and maybe VBoxAdm). There are two problems: - b1gmail is using unsalted MD5 hashes. Is there any good way to make my new setup backward compatible? So I don't have to force all of my 50k users to change their password. - How do I change my setup to salted SHA256 (or an even better algorithm). And

> On 16 December 2018 at 10:27 Tributh via dovecot <dovecot at dovecot.org> wrote: > > > Hi, > is that here the right place to make feature requests? > > dovecot supports as authentication mechanism > SCRAM-SHA-1 from RFC 5802 > which was updated to > SCRAM-SHA-256 in RFC 7677 > > Can SCRAM-SHA-256 be added to the authentication mechanisms? > >

Hi, I am currently installing doveot as POP and IMAP server, but I a have a few difficulties configuring it correctly. I use postgresql to store the user information. The passwords are stored SHA1 encrypted. Now I have the problem that dovecot isn't accepting the user. In dovecot-pgsql.conf I defined default_pass_scheme = SHA1 I am not quite sure about whether this is corrents, since it

Op 16/12/2018 om 10:06 schreef Tributh via dovecot: > > Am 16.12.18 um 09:42 schrieb Aki Tuomi: >>> On 16 December 2018 at 10:27 Tributh via dovecot <dovecot at dovecot.org> wrote: >>> >>> >>> Hi, >>> is that here the right place to make feature requests? >>> >>> dovecot supports as authentication mechanism >>>

openSUSE 11.0 has glibc 2.8, which supports the SHA-512 method. Fallback to an explicit MD5 for older versions. --- customize/password.ml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/customize/password.ml b/customize/password.ml index 27ced67..258d726 100644 --- a/customize/password.ml +++ b/customize/password.ml @@ -162,6 +162,9 @@ and default_crypto g root = | "ubuntu", v

> On April 29, 2017 at 4:22 AM David Mehler <dave.mehler at gmail.com> wrote: > > > Hello, > > I have a few questions on password schemes. Is SHA512 the most secure? > Is there a difference between SHA512 and SHA512-CRYPT? What about > SSHA512 and SSH512-CRYPT? > > Is there a problem with this sql statement: > > UPDATE virtual_users SET

I would go with SHA512-CRYPT, since it is compatible with lots of other things. The field length is static and it contains ascii characters, and it appears to be 118 characters long, but it might be a good idea to use varchar(255) nevertheless, in case you decide to use something else someday. With mysql, you can do mysql> SELECT

Hello, I would like to change my courier to dovecot. When I try to setup ldap auth, I get error: dovecot-auth: ldap(martynas): Unknown password scheme SHA So, how enable SHA scheme on dovecot? regards, Martynas

Dear all, I use Dovecot SASL (2.1.15) on Ubuntu 12.04 for IMAP authentication and Postfix SASL authentication. I tried to setup SCRAM-SHA-1 as SASL mechanism. This works well on Dovecot's client side towards my OpenLDAP server (with libsasl-2), but fails on the server side (IMAP and SMTP). In the following, there's an extract from Dovecot's log, when using mutt as SMTP client:

Op 20/01/2019 om 00:45 schreef - Neustradamus -: > Hello all, > > I would like to know if it is possible to add SCRAM-SHA-256 and > SCRAM-SHA-512 supports? > > RFC7677: SCRAM-SHA-256 and SCRAM-SHA-256-PLUS: Simple Authentication > and Security Layer (SASL) Mechanisms > https://tools.ietf.org/html/rfc7677 > > Thanks in advance.

Hy, over the last days I have implemented SCRAM-SHA-1 in Dovecot's 2.1 branch. It does not do SCRAM-SHA-1-PLUS, but should be extendable enough to introduce it later. There are some checks for the message format which (assuming the client acts correclty) are not strictly necessary during parsing. This is partially in the hope that it might aid client implementers, partially because it (IMHO)

This solution is not mine, but its tested and works. Great thanks to my buddy @ four elements Hope its usefull for somebody over here. ================================ mainlocation ================================ %userprofile%\Application data\Mozilla\Profiles\%profile%\%salted%\... %userprofile% = C:\Documents and settings\%username% %profile% = "default" %salted% =

hello guys, I'm working on a federal university at Brasil, we already have an openLdap with all users and this base is used to authenticate several services like email, vpn, wireless (RADIUS), and we have also Shibboleth providing SSO. During my studies of Asterisk, i see a lot of people talking about the incapacity of asterisk (more precisely because of SIP) to authenticate against a

I downloaded CentOS-7-x86_64-Everything.iso (8,233,418,752 bytes) by clicking on the 'Everything' link in the 'Rolling' line on https://wiki.centos.org/Download (supposedly the 1611 build). But when I look in the sha256sum.txt file from https://buildlogs.centos.org/rolling/7/isos/x86_64/ (where Chrome says that iso came from), there is no SHA hash for a file of that name. The