similar to: Dovecot + libsodium

Displaying 20 results from an estimated 700 matches similar to: "Dovecot + libsodium"

2016 Aug 01
3
New password hashing scheme as plugin
2016-07-31 16:39 GMT+02:00 <aki.tuomi at dovecot.fi>: > > > On July 27, 2016 at 2:08 AM Andreas Meyer <luckyfellow42 at gmail.com> > wrote: > > > > > > Hi, > > > > > > I want to add a new password hashing scheme as plugin and provide it for > > the dovecot project, so that it will be included as optional plugin in > > future
2016 Aug 01
2
New password hashing scheme as plugin
> On August 1, 2016 at 4:38 PM aki.tuomi at dovecot.fi wrote: > > > > > On August 1, 2016 at 3:45 PM Andreas Meyer <luckyfellow42 at gmail.com> wrote: > > > > > > 2016-07-31 16:39 GMT+02:00 <aki.tuomi at dovecot.fi>: > > > > > > > > > On July 27, 2016 at 2:08 AM Andreas Meyer <luckyfellow42 at gmail.com> >
2016 Jul 26
2
New password hashing scheme as plugin
Hi, I want to add a new password hashing scheme as plugin and provide it for the dovecot project, so that it will be included as optional plugin in future releases. Yet the plugin compiles fine and the .so file gets created. My approach is to call the functions password_scheme_register() and password_scheme_unregister() (src/auth/password-scheme.c) inside the plugin's _init() and _deinit()
2019 Feb 13
3
Support for Argon2 for password hashing
Is there any information on adding support for Argon2? I have been working on my new mailserver and this came up in moving from the default MD5 hash to more 'modern' hashes like SHA256 and SHA512.? Then I was pointed to the work behind Argon2, and I see that it is moving through the IRTF cfrg workgroup: draft-irtf-cfrg-argon2-04.txt It is a 'purpose built' hash for passwords,
2018 Dec 04
1
dovecot and argon2 encryption
On 12/4/18, 1:14 AM, "dovecot on behalf of Aki Tuomi" <dovecot-bounces at dovecot.org on behalf of aki.tuomi at open-xchange.com> wrote: On 3.12.2018 22.24, Jerry wrote: > I am using a FreeBSD 11-2 amd/64 system with dovecot version 2.3.4 installed. > I was playing around with different encryption schemes. > > doveadm pw -l > SHA1
2018 Dec 03
2
dovecot and argon2 encryption
I am using a FreeBSD 11-2 amd/64 system with dovecot version 2.3.4 installed. I was playing around with different encryption schemes. doveadm pw -l SHA1 SSHA512 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA RPA DES-CRYPT CRYPT SSHA MD5-CRYPT SKEY PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 LANMAN SHA512-CRYPT CLEAR CLEARTEXT SSHA256 NTLM MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SHA256-CRYPT SMD5 DIGEST-MD5
2023 Feb 22
1
Auth-worker, unknown scheme ARGON2ID
> On 22 Feb 2023, at 5:33 pm, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: >> >> Thanks Aki, that was helpful. When I add that I get: >> >> checking for LIBSODIUM... no >> configure: error: Can't build with libsodium: not found >> >> So I have to tell it where libsodium is. >> >> Tried: >> >>
2023 Feb 22
1
Auth-worker, unknown scheme ARGON2ID
> On 22/02/2023 07:48 EET James Brown <jlbrown at bordo.com.au> wrote: > > > > On 22 Feb 2023, at 4:14 pm, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > > > > > > I?ve spent ages on this and am getting really desperate! :-( > > > > > > CPPFLAGS=-I/opt/homebrew/Cellar/openssl at 3/3.0.8/include
2020 Aug 30
2
PBKDF2 password hashing as in ASP.NET Core
Thank you for your reply. It's not that simple, though. Just because some core algorithms are standardised and should be compatible doesn't mean their use in different implementations leads to interoperable data. The key point here seems to be that Dovecot just supports SHA-1 with PBKDF2, not SHA-256. So I'm out of luck here. The different formats are no longer relevant then.
2023 Feb 22
1
Auth-worker, unknown scheme ARGON2ID
> On 22/02/2023 08:41 EET James Brown <jlbrown at bordo.com.au> wrote: > > > > On 22 Feb 2023, at 5:33 pm, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > > > > > Thanks Aki, that was helpful. When I add that I get: > > > > > > checking for LIBSODIUM... no > > > configure: error: Can't build with libsodium: not
2019 Feb 20
4
Using SHA256/512 for SQL based password
On 2/19/19 1:50 AM, Aki Tuomi via dovecot wrote: > > > On 17.2.2019 10.46, Aki Tuomi via dovecot wrote: >> >>> On 17 February 2019 at 10:38 Odhiambo Washington via dovecot < >>> dovecot at dovecot.org <mailto:dovecot at dovecot.org>> wrote: >>> >>> >>> On Sun, 17 Feb 2019 at 11:34, Marc Weustink via dovecot < >>>
2023 Feb 22
1
Auth-worker, unknown scheme ARGON2ID
> On 22/02/2023 07:00 EET James Brown <jlbrown at bordo.com.au> wrote: > > > On 21 Feb 2023, at 10:12 pm, James Brown <jlbrown at bordo.com.au> wrote: > > > > > > > The new one has Dovecot compiled with same configure options, same configuration files, but fails to authenticate: > > > > Feb 21 21:51:03 master: Info: Dovecot v2.3.20
2019 Feb 17
3
Using SHA256/512 for SQL based password
<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 17 February 2019 at 10:38 Odhiambo Washington via dovecot < <a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote:
2023 Feb 22
1
Auth-worker, unknown scheme ARGON2ID
> On 22/02/2023 09:10 EET James Brown <jlbrown at bordo.com.au> wrote: > > > On 22 Feb 2023, at 5:53 pm, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > > > > > > > > > > > > > > % locate libsodium > > > > > /opt/homebrew/Cellar/libsodium > > > > > /opt/homebrew/Cellar/libsodium/1.0.18_1
2020 Aug 29
2
PBKDF2 password hashing as in ASP.NET Core
Hello, I'm setting up a new server and, again, seek for a decently secure (from a security specialist's POV) way to store and verify user passwords in a database. Additionally now, GDPR requires me to use a solid state-of-the-art solution. My OS is Ubuntu 20.04, Dovecot version 2.3.7, database backend with PostgreSQL 12. Obviously, storing the plaintext password is a terrible idea.
2017 Oct 27
1
Password encription
The use of salt, today, is to prevent the attacker from directly seeing who has same passwords. Of course it also will make a rainbow table attack less useful, but then again, no one uses rainbow tables anymore since it takes about few minutes to brute force a password in the cloud or on your home computer GPU. SHA512-CRYPT uses by default 4000 rounds on dovecot, to make it more computationally
2017 Apr 26
3
LLDB security and the use of an IPC library
LLDB currently uses a client-server architecture.  That appears fine, but runs into an annoying security problem: other users on the same machine can connect to the TCP socket and take over LLDB and thus the user’s system.  This means that LLDB is useless in multiuser enviromnents on Linux, such as academic computer labs. The immediate problem can be solved by using either HMAC authentication of
2019 Feb 13
0
Support for Argon2 for password hashing
The version of libsodium in EPEL supports argon2 For php you can build the libsodium extension. Also php 7.2+ builds that extension if you specify it build time using --with-sodium=shared switch. For dovecot you have to build it against sodium which means building your own packages but it works. At least with modern upstream dovecot. On 2/13/19 5:18 AM, Robert Moskowitz wrote: > Is there
2023 Feb 22
1
Auth-worker, unknown scheme ARGON2ID
On 21 Feb 2023, at 10:12 pm, James Brown <jlbrown at bordo.com.au> wrote: > > The new one has Dovecot compiled with same configure options, same configuration files, but fails to authenticate: > > Feb 21 21:51:03 master: Info: Dovecot v2.3.20 (80a5ac675d) starting up for imap, pop3 (core dumps disabled) > Feb 21 21:51:33 auth-worker(11701): Error: conn unix:auth-worker
2017 Oct 27
3
Password encription
Aki Tuomi wrote: > The use of salt, today, is to prevent the attacker from directly seeing > who has same passwords. Of course it also will make a rainbow table > attack less useful, Not just less useful, but almost infeasible. Given the use of random salts, you would have to generate (number of possible salts) rainbow tables. This drastically changes the CPU/storage tradeoffs. >