similar to: bcrypt again

Hi everyone, Was just perusing this article about how trivial it is to decrypt passwords that are stored using most (standard) encryption methods (like MD5), and was wondering - is it possible to use bcrypt with dovecot+postfix+mysql (or posgres)? -- Best regards, Charles

Hi The blf-crypt password schema mentioned in the docs could be a solution to my auth problem. However, the docs state that actual support depends on the glibc. Mine apparently doesn't. Does support depend on the glibc's version (mine is 2.15-r2)? Maybe someone with access to a box with a good enough glibc could do the following and post the hash for the plain password "test"?

I''m create a login form using Bcrypt-ruby but have error: uninitialized constant User::BCrypt I had setup Bcrypt-ruby in Gemfile gem "bcrypt-ruby", :require => "bcrypt" and restart,rake db:migrate but not run.I had run bundle:install,bundle: update and see Bcrypt had installed. i''m afraid that i use gem ''rails'',

I''m going through DHH''s Agile Web Development with Rails for Rails 3.1. In chapter 14 they create a Users sign-in model/view/controller using the has_secure_password method. My user.rb file looks like this class User < ActiveRecord::Base attr_accessible :name, :password_digest, :password, :password_confirmation validates :name, presence: true, uniqueness:

https://bugzilla.mindrot.org/show_bug.cgi?id=1830 Summary: Patch to get py-bcrypt to build for Python 2.6 on Windows Product: py-bcrypt Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Default AssignedTo: unassigned-bugs at

I would like to migrate users from my old phpfusion site but I have there hash password md5(md5) how to convert this passwords to bcrypt? I creating Sinatra app whre i use this passwords with Warden. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To view this discussion on the web visit

> You could configure default scheme as CRYPT. It covers these all. Otherwise > you need to make sure passwords have {SCHEME} prefix when it differs from > default or oddities occur. --- Thank you for the tip with CRYPT. Is there any explanation for this behaviour though? Why are BCRYPT hashes accepted when default_pass_scheme is set to SHA512-CRYPT and not vice versa? Is this

Hello, does dovecot support bcrypt $2y$ version? (BLF-CRYPT - Blowfish crypt) doveadm pw -s BLF-CRYPT generates a {BLF-CRYPT}$2a$05$....... password. Does this mean that dovecote will not authenticate against a $2y$10$....... password? Thanks in advance, -Graham-

Hey! I've been trying to get bloodline champions running with wine, but encountering this weird problem. Hoping someone could give some advice. When I run in XP mode, I can log in and it runs all fine, but has no sound. But when I run any other mode (win 7, vista, 2008, etc), I get sound, but can not log in and get an error saying: wine: Call from 0x7b839f22 to unimplemented function

Hi, I want to write some php code that users can change there dovecot password via a roundcube plugin. I'm using php function crypt(...) to generate the hashes and everything works well so far. I'm using doveadm pw to generate testhashes e.g.: srv:~ # doveadm pw -r 5 -s BLF-CRYPT -p abc {BLF-CRYPT}$2a$05$W82/Vw4ZEcHBC00M8cNwe.g8fOHuAeV7L5Q/q4W6VWl9V5kjoiz8y I expected an

Hello, I'm setting up a new server and, again, seek for a decently secure (from a security specialist's POV) way to store and verify user passwords in a database. Additionally now, GDPR requires me to use a solid state-of-the-art solution. My OS is Ubuntu 20.04, Dovecot version 2.3.7, database backend with PostgreSQL 12. Obviously, storing the plaintext password is a terrible idea.

Hi all, I'm currently using a PostgreSQL database for my user/password db, directly from dovecot. The trouble with that is that I'm stuck with whatever hash algorithms dovecot supports - which IIRC means (a subset of?) what libc has been compiled with, which can be a bit restrictive. So I'd like to use an external tool, which would also let me integrate other applications (eg web

Dear Timo, Do you intend to introduce bcrypt into the built in password schemes? In lew of all these hacks lately many larger companies appear moving this way, we are looking at it too, but dovecot will then be the weakest link in the database security. So, are you planning on this and if so what sort of timeframe / version would you expect it to be in beta ? Nik

https://bugzilla.mindrot.org/show_bug.cgi?id=1982 Bug #: 1982 Summary: different behavior compared to php (openwall version of bcrypt) Classification: Unclassified Product: jBCrypt Version: unspecified Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2

hi all, can anyone help me with dovecot-sql.conf please ? I'm not a mysql expert and I'am trying to authenticate dovecot2 to an existing database. I have a database "egroupware" with table "egw_accounts". The field "account_lid" is the full email address and "account_pwd" is the password in Blowfish format. Here is my dovecot-sql.conf driver =

It is a jolly bad idea to use the same password for both email and system access. On TLS+plaintext, if your passwords are slurped by a python script, all accounts are compromised. Congratulations, the NSA will love you. On the other side of the ocean, however, there are European states where you must disclose the fact, or go to jail. (I tried to protect dovecot passwords with bcrypt, but the

Greetings, this is less of a bug report or a help request, but we would like to know if someone can explain the following: Environment: Centos 7 with Dovecot 2.3.4-2 default_pass_scheme = BLF-CRYPT password hash in database : BLF-CRYPT login = works default_pass_scheme = SHA512 or SHA256-CRYPT password hash in database : BLF-CRYPT login = also works default_pass_scheme = BLF-CRYPT password

these days many unix-based systems contain crypt() with more than DES support (for instance, MD5 in freebsd/openbsd/netbsd, bcrypt in openbsd/netbsd). we need to use crypt() in libcrypt, not in licrypto, as much as possible. itojun --- configure.ac.orig Tue Jun 25 10:56:47 2002 +++ configure.ac Tue Jun 25 10:57:25 2002 @@ -697,6 +702,9 @@ ) fi +# use libcrypt if there is

>> Maybe, Dovecot could just add support for BLF-CRYPT by using the open source implementation of Blowfish hashing found in https://github.com/php/php-src/tree/master/ext/standard <https://github.com/php/php-src/tree/master/ext/standard>. The implementation looks like a single function to generate the hash. I?m not much of a programmer, but it would seem to me that these .c/.h files

https://bugzilla.mindrot.org/show_bug.cgi?id=2207 Bug ID: 2207 Summary: Potential NULL deference, found using coverity Product: Portable OpenSSH Version: -current Hardware: Other OS: FreeBSD Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: