similar to: doveadm pw generates different hash each time it is invoked

I am absolutely dumbfounded by "doveadm pw". My understanding is that the command should be used to create a hashed password that should in turn be placed into /etc/dovecot/passwd Here comes the "dumbfounded" part. I was creating a new virtual user, running doveadm pw to generate the hashed password. But when I tried to login via imap, the password was rejected. So I started

Hi, It may be useful for testing purpose to know if a generated password hash correspond to a given clear password. This can be useful to check if a hash generated by another program can be verified by Dovecot without any errors. This patch adds the ability the verify a password hash using `doveadm pw` via the `-V` option. ??? $ doveadm pw -s SSHA.hex ??? Enter new password: ??? Retype new

Hi, Not sure if this is a PBKAC or not:- root at ds3:/usr/share/postfixadmin# doveadm pw -s SHA512-CRYPT -p password {SHA512-CRYPT}$6$aUgGXP0UshkMj7hY$9JV4yMRsjIe/98CzmglYrMjf.9NJ.FXzxcLE9B0v3doCRUWo2wRncc6hg6VCs0DCUHQbeC/bRDZdGCge/nB/h/ root at ds3:/usr/share/postfixadmin# doveadm pw -t

Hi, I use Debian jessie with Dovecot 2.2.13-11. While writing a script for Horde to change the passwords in my passwd file I noticed doveadm pw -t fails for SHA512-CRYPT: # doveadm pw -s SHA1 -p test {SHA1}qUqP5cyxm6YcTAhz05Hph5gvu9M= # doveadm pw -t {SHA1}qUqP5cyxm6YcTAhz05Hph5gvu9M= -p test {SHA1}qUqP5cyxm6YcTAhz05Hph5gvu9M= (verified) # doveadm pw -s SHA512-CRYPT -p test

doveadm pw -t '{SHA512-CRYPT}$6$8FfoioQWQDR/Vuzu$ynKiO/E6Xf4dMvfx2LsP9KQotqy5cEOEppnEh5Hqe1UpCYAgOwSIJlNb0O65fxdYcRZH3gNFQ7ZOM/2kD/R811' -p test You have $ in the password, see man-page of shell ... Am 04.06.2015 um 05:29 schrieb Felix Zielcke: > oveadm pw -t {SHA512-CRYPT}$6$8FfoioQWQDR/Vuzu$ynKiO/E6Xf4dMvfx2LsP9KQotqy5cEOEppnEh5Hqe1UpCYAgOwSIJlNb0O65fxdYcRZH3gNFQ7ZOM/2kD/R811 -p

> On October 27, 2017 at 11:27 PM Joseph Tam <jtam.home at gmail.com> wrote: > > > Aki Tuomi wrote: > > > The use of salt, today, is to prevent the attacker from directly seeing > > who has same passwords. Of course it also will make a rainbow table > > attack less useful, > > Not just less useful, but almost infeasible. Given the use of random

Hi all, Some time ago, I wrote a small CGI script to let users change their IMAP password. The script runs as www-data user and uses "doveadm pw" to check if a password hash matches a password. Unfortunately, this means that I have to make large parts of my dovecot config world-readable, as otherwise I get errors like this: doveconf: Fatal: Error in configuration file

Hello everyone, I'm trying to make dovecot do user authentication against a SQL database. The passwords (managed by Django) are stored as salted SHA1 encoded in hex. I monkey patched Django's password method so that the password hash is made with <password><salt> (Django does <salt><password>, the patched method was verified to return same value as

Aki Tuomi wrote: > The use of salt, today, is to prevent the attacker from directly seeing > who has same passwords. Of course it also will make a rainbow table > attack less useful, Not just less useful, but almost infeasible. Given the use of random salts, you would have to generate (number of possible salts) rainbow tables. This drastically changes the CPU/storage tradeoffs. >

The reason it fails is because auth process runs out of memory and there is a bug in libsodium which causes it to crash in this scenario. The fix is to do service auth { ? vsz_limit = 0 # or 2G at least } Aki On 26.09.2018 09:12, Keith Amidon wrote: > I'm using dovecot version 2.3.2.1 (0719df592) and trying to use the > ARGON2ID crypt scheme for authentication using the passdb

dovecot --version => 2.1.7 When I as a normal user the command: doveadm pw -s sha512-crypt -p example_password the command exit with return code 89 and the message doveconf: Fatal: open(/etc/dovecot/dovecot.conf) failed: Permission denied If I make Dovecot's configuration files world readable the error goes away. Please remove configuration file dependencies from "doveadm

> Le 13 f?vr. 2019 ? 14:54, Robert Moskowitz via dovecot <dovecot at dovecot.org> a ?crit : > > > > On 2/13/19 8:30 AM, Aki Tuomi wrote: >> On 13.2.2019 15.18, Robert Moskowitz via dovecot wrote: >>> >>> On 2/13/19 1:23 AM, Matthias Fechner via dovecot wrote: >>>> >>>> Am 13. Februar 2019 00:34:15 schrieb Robert Moskowitz

On Sun, 17 Feb 2019 at 11:34, Marc Weustink via dovecot <dovecot at dovecot.org> wrote: > Jean-Daniel Dupas via dovecot wrote: > > > > > >> Le 13 f?vr. 2019 ? 14:54, Robert Moskowitz via dovecot > >> <dovecot at dovecot.org <mailto:dovecot at dovecot.org>> a ?crit : > >> > >> > >> > >> On 2/13/19 8:30 AM, Aki

Hi I would like to simulate dovecot's dovecotpw with a perl script I tried / used use Crypt::SaltedHash; my $csh = Crypt::SaltedHash->new(algorithm => 'SHA-1'); $csh->add($passwd_string); my $salted = $csh->generate; also use Digest::SHA1; use MIME::Base64; $ctx = Digest::SHA1->new; $ctx->add($passwd_string); $ctx->add('salt'); my $salted =

I'm using dovecot version 2.3.2.1 (0719df592) and trying to use the ARGON2ID crypt scheme for authentication using the passdb passwd-file driver. My passdb config is very simple: ??? passdb { ????? driver = passwd-file ????? args = username_format=%u <path-to-file-here> ??? } If I generate a password this way: ??? doveadm pw -s ARGON2ID -p 'This is a test' I get a crypt

Hi there, I was wondering if someone could explain how dovecot/dovecotpw produces salt for use in ssha passwords, I'd like to replicate this in PHP so I can write my passwords from php in ssha instead of just sha1. Thanks in advance, Andrea Baitis

Hi folks. I've recently set up a Postfix 2.9.6/Dovecot 2.0.19 IMAPS/SMTPS setup on Ubuntu 12.04.2 (Mysql backend). I'm new to all this, so I apologize if this is fairly basic. I've attempted to the best of my ability to search for an answer, but no luck so far. What I'm trying to do is generate a password hash that I can inject directly into my Mysql database (disaster recovery

On Wed, Jul 20, 2016 at 09:02:57PM -0600, Selphie Keller wrote: > I wonder if could be useful to set the fall back account to something user > defined to avoid suggesting people add passwords to root, though I do like > root since the account is always there, Since committing that diff I've heard of people running in production with no root password (ie *LK*, !! or similar).

On 2/13/19 8:30 AM, Aki Tuomi wrote: > On 13.2.2019 15.18, Robert Moskowitz via dovecot wrote: >> >> On 2/13/19 1:23 AM, Matthias Fechner via dovecot wrote: >>> >>> Am 13. Februar 2019 00:34:15 schrieb Robert Moskowitz >>> <rgm at htt-consult.com>: >>> >>>> On 2/12/19 6:03 PM, Matthias Fechner via dovecot wrote:

Jean-Daniel Dupas via dovecot wrote: > > >> Le 13 f?vr. 2019 ? 14:54, Robert Moskowitz via dovecot >> <dovecot at dovecot.org <mailto:dovecot at dovecot.org>> a ?crit : >> >> >> >> On 2/13/19 8:30 AM, Aki Tuomi wrote: >>> On 13.2.2019 15.18, Robert Moskowitz via dovecot wrote: >>>> >>>> On 2/13/19 1:23 AM,