similar to: Dovecot + libsodium

2016-07-31 16:39 GMT+02:00 <aki.tuomi at dovecot.fi>: > > > On July 27, 2016 at 2:08 AM Andreas Meyer <luckyfellow42 at gmail.com> > wrote: > > > > > > Hi, > > > > > > I want to add a new password hashing scheme as plugin and provide it for > > the dovecot project, so that it will be included as optional plugin in > > future

> On August 1, 2016 at 4:38 PM aki.tuomi at dovecot.fi wrote: > > > > > On August 1, 2016 at 3:45 PM Andreas Meyer <luckyfellow42 at gmail.com> wrote: > > > > > > 2016-07-31 16:39 GMT+02:00 <aki.tuomi at dovecot.fi>: > > > > > > > > > On July 27, 2016 at 2:08 AM Andreas Meyer <luckyfellow42 at gmail.com> >

Hi, I want to add a new password hashing scheme as plugin and provide it for the dovecot project, so that it will be included as optional plugin in future releases. Yet the plugin compiles fine and the .so file gets created. My approach is to call the functions password_scheme_register() and password_scheme_unregister() (src/auth/password-scheme.c) inside the plugin's _init() and _deinit()

Is there any information on adding support for Argon2? I have been working on my new mailserver and this came up in moving from the default MD5 hash to more 'modern' hashes like SHA256 and SHA512.? Then I was pointed to the work behind Argon2, and I see that it is moving through the IRTF cfrg workgroup: draft-irtf-cfrg-argon2-04.txt It is a 'purpose built' hash for passwords,

On 12/4/18, 1:14 AM, "dovecot on behalf of Aki Tuomi" <dovecot-bounces at dovecot.org on behalf of aki.tuomi at open-xchange.com> wrote: On 3.12.2018 22.24, Jerry wrote: > I am using a FreeBSD 11-2 amd/64 system with dovecot version 2.3.4 installed. > I was playing around with different encryption schemes. > > doveadm pw -l > SHA1

I am using a FreeBSD 11-2 amd/64 system with dovecot version 2.3.4 installed. I was playing around with different encryption schemes. doveadm pw -l SHA1 SSHA512 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA RPA DES-CRYPT CRYPT SSHA MD5-CRYPT SKEY PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 LANMAN SHA512-CRYPT CLEAR CLEARTEXT SSHA256 NTLM MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SHA256-CRYPT SMD5 DIGEST-MD5

> On 22 Feb 2023, at 5:33 pm, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: >> >> Thanks Aki, that was helpful. When I add that I get: >> >> checking for LIBSODIUM... no >> configure: error: Can't build with libsodium: not found >> >> So I have to tell it where libsodium is. >> >> Tried: >> >>

> On 22/02/2023 07:48 EET James Brown <jlbrown at bordo.com.au> wrote: > > > > On 22 Feb 2023, at 4:14 pm, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > > > > > > I?ve spent ages on this and am getting really desperate! :-( > > > > > > CPPFLAGS=-I/opt/homebrew/Cellar/openssl at 3/3.0.8/include

Thank you for your reply. It's not that simple, though. Just because some core algorithms are standardised and should be compatible doesn't mean their use in different implementations leads to interoperable data. The key point here seems to be that Dovecot just supports SHA-1 with PBKDF2, not SHA-256. So I'm out of luck here. The different formats are no longer relevant then.

> On 22/02/2023 08:41 EET James Brown <jlbrown at bordo.com.au> wrote: > > > > On 22 Feb 2023, at 5:33 pm, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > > > > > Thanks Aki, that was helpful. When I add that I get: > > > > > > checking for LIBSODIUM... no > > > configure: error: Can't build with libsodium: not

On 2/19/19 1:50 AM, Aki Tuomi via dovecot wrote: > > > On 17.2.2019 10.46, Aki Tuomi via dovecot wrote: >> >>> On 17 February 2019 at 10:38 Odhiambo Washington via dovecot < >>> dovecot at dovecot.org <mailto:dovecot at dovecot.org>> wrote: >>> >>> >>> On Sun, 17 Feb 2019 at 11:34, Marc Weustink via dovecot < >>>

> On 22/02/2023 07:00 EET James Brown <jlbrown at bordo.com.au> wrote: > > > On 21 Feb 2023, at 10:12 pm, James Brown <jlbrown at bordo.com.au> wrote: > > > > > > > The new one has Dovecot compiled with same configure options, same configuration files, but fails to authenticate: > > > > Feb 21 21:51:03 master: Info: Dovecot v2.3.20

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 17 February 2019 at 10:38 Odhiambo Washington via dovecot < <a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote:

> On 22/02/2023 09:10 EET James Brown <jlbrown at bordo.com.au> wrote: > > > On 22 Feb 2023, at 5:53 pm, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > > > > > > > > > > > > > > % locate libsodium > > > > > /opt/homebrew/Cellar/libsodium > > > > > /opt/homebrew/Cellar/libsodium/1.0.18_1

Hello, I'm setting up a new server and, again, seek for a decently secure (from a security specialist's POV) way to store and verify user passwords in a database. Additionally now, GDPR requires me to use a solid state-of-the-art solution. My OS is Ubuntu 20.04, Dovecot version 2.3.7, database backend with PostgreSQL 12. Obviously, storing the plaintext password is a terrible idea.

The use of salt, today, is to prevent the attacker from directly seeing who has same passwords. Of course it also will make a rainbow table attack less useful, but then again, no one uses rainbow tables anymore since it takes about few minutes to brute force a password in the cloud or on your home computer GPU. SHA512-CRYPT uses by default 4000 rounds on dovecot, to make it more computationally

LLDB currently uses a client-server architecture.  That appears fine, but runs into an annoying security problem: other users on the same machine can connect to the TCP socket and take over LLDB and thus the user’s system.  This means that LLDB is useless in multiuser enviromnents on Linux, such as academic computer labs. The immediate problem can be solved by using either HMAC authentication of

The version of libsodium in EPEL supports argon2 For php you can build the libsodium extension. Also php 7.2+ builds that extension if you specify it build time using --with-sodium=shared switch. For dovecot you have to build it against sodium which means building your own packages but it works. At least with modern upstream dovecot. On 2/13/19 5:18 AM, Robert Moskowitz wrote: > Is there

On 21 Feb 2023, at 10:12 pm, James Brown <jlbrown at bordo.com.au> wrote: > > The new one has Dovecot compiled with same configure options, same configuration files, but fails to authenticate: > > Feb 21 21:51:03 master: Info: Dovecot v2.3.20 (80a5ac675d) starting up for imap, pop3 (core dumps disabled) > Feb 21 21:51:33 auth-worker(11701): Error: conn unix:auth-worker

Aki Tuomi wrote: > The use of salt, today, is to prevent the attacker from directly seeing > who has same passwords. Of course it also will make a rainbow table > attack less useful, Not just less useful, but almost infeasible. Given the use of random salts, you would have to generate (number of possible salts) rainbow tables. This drastically changes the CPU/storage tradeoffs. >