similar to: How to migrate from md5 to bcrypt?

I''m create a login form using Bcrypt-ruby but have error: uninitialized constant User::BCrypt I had setup Bcrypt-ruby in Gemfile gem "bcrypt-ruby", :require => "bcrypt" and restart,rake db:migrate but not run.I had run bundle:install,bundle: update and see Bcrypt had installed. i''m afraid that i use gem ''rails'',

Hi everyone, Was just perusing this article about how trivial it is to decrypt passwords that are stored using most (standard) encryption methods (like MD5), and was wondering - is it possible to use bcrypt with dovecot+postfix+mysql (or posgres)? -- Best regards, Charles

Hi I'd like Dovecot to consume a list of users exported from an external application which stores bcrypted passwords. This has been asked in the past, however, I'm not sure how to read the following reply: > If you are using Dovecot< 2.0 you can also use any of the algorithms > supported by your system's libc. But then you have to prefix the hashes > with {CRYPT} - not

I''m going through DHH''s Agile Web Development with Rails for Rails 3.1. In chapter 14 they create a Users sign-in model/view/controller using the has_secure_password method. My user.rb file looks like this class User < ActiveRecord::Base attr_accessible :name, :password_digest, :password, :password_confirmation validates :name, presence: true, uniqueness:

https://gist.github.com/2585733 This is my code. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For

https://bugzilla.mindrot.org/show_bug.cgi?id=1830 Summary: Patch to get py-bcrypt to build for Python 2.6 on Windows Product: py-bcrypt Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Default AssignedTo: unassigned-bugs at

It is a jolly bad idea to use the same password for both email and system access. On TLS+plaintext, if your passwords are slurped by a python script, all accounts are compromised. Congratulations, the NSA will love you. On the other side of the ocean, however, there are European states where you must disclose the fact, or go to jail. (I tried to protect dovecot passwords with bcrypt, but the

Hey! I've been trying to get bloodline champions running with wine, but encountering this weird problem. Hoping someone could give some advice. When I run in XP mode, I can log in and it runs all fine, but has no sound. But when I run any other mode (win 7, vista, 2008, etc), I get sound, but can not log in and get an error saying: wine: Call from 0x7b839f22 to unimplemented function

https://bugzilla.mindrot.org/show_bug.cgi?id=1982 Bug #: 1982 Summary: different behavior compared to php (openwall version of bcrypt) Classification: Unclassified Product: jBCrypt Version: unspecified Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2

I can`t figure out why on heroku server my app crashed. On local server all seems works. 2012-08-01T17:14:50+00:00 app[web.1]: NameError (uninitialized constant Barby::Code128A): 2012-08-01T17:14:50+00:00 app[web.1]: app/models/order.rb:102:in `generate_shipment'' 2012-08-01T17:14:50+00:00 app[web.1]: app/models/order.rb:60:in `generate_items'' 2012-08-01T17:14:50+00:00

Dear Timo, Do you intend to introduce bcrypt into the built in password schemes? In lew of all these hacks lately many larger companies appear moving this way, we are looking at it too, but dovecot will then be the weakest link in the database security. So, are you planning on this and if so what sort of timeframe / version would you expect it to be in beta ? Nik

>>>>> Aki Tuomi <aki.tuomi at dovecot.fi>: > On 2017-03-25 17:54, Steinar Bang wrote: >> This is a PAM module that listens for password changes, and will update >> the MD5 password for a user, in a file that dovecot can read, when the >> user's password is changed: >> https://github.com/steinarb/pam_dovecotmd5pwd >> >> Caveat

Hello, I'm setting up a new server and, again, seek for a decently secure (from a security specialist's POV) way to store and verify user passwords in a database. Additionally now, GDPR requires me to use a solid state-of-the-art solution. My OS is Ubuntu 20.04, Dovecot version 2.3.7, database backend with PostgreSQL 12. Obviously, storing the plaintext password is a terrible idea.

Hi, I want to write some php code that users can change there dovecot password via a roundcube plugin. I'm using php function crypt(...) to generate the hashes and everything works well so far. I'm using doveadm pw to generate testhashes e.g.: srv:~ # doveadm pw -r 5 -s BLF-CRYPT -p abc {BLF-CRYPT}$2a$05$W82/Vw4ZEcHBC00M8cNwe.g8fOHuAeV7L5Q/q4W6VWl9V5kjoiz8y I expected an

Hello, does dovecot support bcrypt $2y$ version? (BLF-CRYPT - Blowfish crypt) doveadm pw -s BLF-CRYPT generates a {BLF-CRYPT}$2a$05$....... password. Does this mean that dovecote will not authenticate against a $2y$10$....... password? Thanks in advance, -Graham-

> You could configure default scheme as CRYPT. It covers these all. Otherwise > you need to make sure passwords have {SCHEME} prefix when it differs from > default or oddities occur. --- Thank you for the tip with CRYPT. Is there any explanation for this behaviour though? Why are BCRYPT hashes accepted when default_pass_scheme is set to SHA512-CRYPT and not vice versa? Is this

> Password schemes: HMAC-MD5, RPA, SKEY, PLAIN-MD4, LANMAN, NTLM, SMD5 The web is flooded with plain text passwords and hashed passwords harvested from hacked servers. Dovecot stores passwords with the same scheme used for client authentication. Therefore, we use crammd5/hmac-md5. It does not look like much, but is better than plaintext. As md5 is about to go, and I have no intention to

Being a rails newbie, I started to design our first rails-based webapp. This app should not only be used via browsers, but we also want to provide a (RESTful) api. I love the ''convention over configuration'' paradigm, but am totally clueless on what to do when it comes to user authentication. Is there a THE rails-way of doing this? I found many excellent gems and plugins, such as

https://bugzilla.mindrot.org/show_bug.cgi?id=2207 Bug ID: 2207 Summary: Potential NULL deference, found using coverity Product: Portable OpenSSH Version: -current Hardware: Other OS: FreeBSD Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee:

I am new to Rails and attempting to upgrade Rails on my Mac to latest version so that I can follow the rails tutorial, but I just can''t seem to get anywhere. When I attempt to update rails with: $ sudo gem update rails -y, I receive the following error. ERROR: Error installing rails: ERROR: Failed to build gem native extension. Any ideas what I am doing wrong, or what I can do