similar to: Password encription

SHA512-CRYPT and PLAIN/LOGIN with SSL. ---Aki TuomiDovecot oy -------- Original message --------From: "j.emerlik" <j.emerlik at gmail.com> Date: 25/10/2017 12:07 (GMT+02:00) To: Aki Tuomi <aki.tuomi at dovecot.fi> Cc: Dovecot Mailing List <dovecot at dovecot.org> Subject: Re: Password encription What scheme and mechanism do you recommend? 2017-10-25 11:01 GMT+02:00

CRAM-MD5 should not be used. Its not terribly secure. ---Aki TuomiDovecot oy -------- Original message --------From: "j.emerlik" <j.emerlik at gmail.com> Date: 25/10/2017 11:58 (GMT+02:00) To: Aki Tuomi <aki.tuomi at dovecot.fi> Cc: Dovecot Mailing List <dovecot at dovecot.org> Subject: Re: Password encription Thx Aki, with CRAP-MD5 as scheme and mechanism?

Thx Aki, with CRAP-MD5 as scheme and mechanism it's works corretlly. 2017-10-25 10:52 GMT+02:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > PLAIN and LOGIN. > > > > --- > Aki Tuomi > Dovecot oy > > -------- Original message -------- > From: "j.emerlik" <j.emerlik at gmail.com> > Date: 25/10/2017 11:41 (GMT+02:00) > To: Dovecot Mailing

Hi, which authentication mechanism should I use for SHA-256 password schama ? Regards, Jack

The use of salt, today, is to prevent the attacker from directly seeing who has same passwords. Of course it also will make a rainbow table attack less useful, but then again, no one uses rainbow tables anymore since it takes about few minutes to brute force a password in the cloud or on your home computer GPU. SHA512-CRYPT uses by default 4000 rounds on dovecot, to make it more computationally

> On October 27, 2017 at 11:27 PM Joseph Tam <jtam.home at gmail.com> wrote: > > > Aki Tuomi wrote: > > > The use of salt, today, is to prevent the attacker from directly seeing > > who has same passwords. Of course it also will make a rainbow table > > attack less useful, > > Not just less useful, but almost infeasible. Given the use of random

Aki Tuomi wrote: > The use of salt, today, is to prevent the attacker from directly seeing > who has same passwords. Of course it also will make a rainbow table > attack less useful, Not just less useful, but almost infeasible. Given the use of random salts, you would have to generate (number of possible salts) rainbow tables. This drastically changes the CPU/storage tradeoffs. >

On 27.10.2017 08:37, @lbutlr wrote: > On 25 Oct 2017, at 03:11, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: >> SHA512-CRYPT and PLAIN/LOGIN with SSL. > I?m happy with SHA256-CRYPT and PLAIN/LOGIN. > Yes. SHA256-CRYPT is good too. It was just recommendation over using CRAM-MD5, use anything with salt. Aki

Aki, if I understand it well, salt is useful when database is/was stolen ? Then thief can use eg. rainbow tables to decrypt passwords. Regards, Jack 2017-10-27 7:42 GMT+02:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > > > On 27.10.2017 08:37, @lbutlr wrote: > > On 25 Oct 2017, at 03:11, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > >> SHA512-CRYPT and PLAIN/LOGIN

Or you can implement a policy server yourself. :)The protocol is not complicated, json over http. See?https://wiki.dovecot.org/Auth/Policy ---Aki TuomiDovecot oy -------- Original message --------From: Aki Tuomi <aki.tuomi at dovecot.fi> Date: 21/05/2018 19:13 (GMT+02:00) To: Marc Perkel <marc at perkel.com>, dovecot at dovecot.org Subject: Re: Dovecot blacklist?

Sorry for finnish. I think it might also work with libtool flag -static in Makefile.am LDADD flags.---Aki TuomiDovecot oy -------- Original message --------From: Aki Tuomi <aki.tuomi at dovecot.fi> Date: 05/02/2017 20:21 (GMT+02:00) To: Dovecot Mailing List <dovecot at dovecot.org> Subject: Re: Panic error from dovecot 2.2.27 using libressl 2.4.5 (cross-posting at GitHub) jos

On 25 Oct 2017, at 03:11, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > SHA512-CRYPT and PLAIN/LOGIN with SSL. I?m happy with SHA256-CRYPT and PLAIN/LOGIN. -- Apple broke AppleScripting signatures in Mail.app, so no random signatures.

> Aki, (Not speaking for Aki) > I understand that salted passwords saved in my database and stronger hash > algorithm course that it will require more processor time/power to crack my > passwords. > > But only when hackers have direct access to my database what means that > hackers have access to my passwords hashes (eg. hackers stolen my database). > > My Dovecot

Hy everybody, I'm using rsync to backup/synchronize folders to/from USB connected external hard drives. But I can't find an answer to a doubt. Does rsync use encription also for local tranfers? For "local transfer" I mean a transfer that doesn't go through a network like folders synchronization with external hard drives. I'm asking because the speed of local transfers

Unfortunately, I tried for weeks to figure out passdb ldap without success. I guess I'm just not knowledgeable enough about how to use ldap and Active Directory. The dovecot wiki https://wiki2.dovecot.org/AuthDatabase/LDAPm doesn't help me much. All it says is: Active Directory When connecting to AD, you may need to use port 3268. Then again, not all LDAP fields are available in port

You might get better results with https://wiki.dovecot.org/HowTo/ActiveDirectoryNtlm It seems you'd have to configure OpenLDAP backend for Samba to have LDAP. Aki On 04.12.2017 02:38, Mark Foley wrote: > Unfortunately, I tried for weeks to figure out passdb ldap without success. I guess I'm just > not knowledgeable enough about how to use ldap and Active Directory. The dovecot

In future release we will add master authentication too. Now you can use api key or doveadm password which are essentially same thing. ---Aki TuomiDovecot oy-------- Alkuper?inen viesti --------L?hett?j?: Peter Chiochetti <pch at myzel.net> P?iv?m??r?: 4.3.2016 20.20 (GMT+02:00) Saaja: dovecot at dovecot.org Aihe: Re: v2.2.22 release candidate released Am 2016-03-04 um 14:33 schrieb Timo

Op 7/7/2017 om 1:18 PM schreef j.emerlik: > Solved temporary by replacing X-Spam-Status to X-Spam-Flag. > > X-Spam-Flag in my system is added only to SPAM e-mail, anyway it looks like > a bug. Can you show your configuration (output from `dovecot -n`)? An example message may also be useful. Regards, Stephan. > Regards, > Jack > > > 2017-07-07 12:41 GMT+02:00

mj - thanks! That the first useful example I've received from any forum/list. I'm getting ready to try my config (have to do so after hours), but I have some probably simple-minded questions: Your example is not the complete dovecot-ldap.conf.ext file, right? Have you just given me differences in your config from the "original"? You've kept the hosts, base, ldap_version,

Solved temporary by replacing X-Spam-Status to X-Spam-Flag. X-Spam-Flag in my system is added only to SPAM e-mail, anyway it looks like a bug. Regards, Jack 2017-07-07 12:41 GMT+02:00 j.emerlik <j.emerlik at gmail.com>: > Yes, I'am sure. > > I've only global as: > ============== > require "fileinto"; > > if header :contains