Displaying 20 results from an estimated 3000 matches similar to: "Password encription"
2017 Oct 27
0
Password encription
> On October 27, 2017 at 11:27 PM Joseph Tam <jtam.home at gmail.com> wrote:
>
>
> Aki Tuomi wrote:
>
> > The use of salt, today, is to prevent the attacker from directly seeing
> > who has same passwords. Of course it also will make a rainbow table
> > attack less useful,
>
> Not just less useful, but almost infeasible. Given the use of random
2017 Oct 27
2
Password encription
On 27.10.2017 08:37, @lbutlr wrote:
> On 25 Oct 2017, at 03:11, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
>> SHA512-CRYPT and PLAIN/LOGIN with SSL.
> I?m happy with SHA256-CRYPT and PLAIN/LOGIN.
>
Yes. SHA256-CRYPT is good too. It was just recommendation over using
CRAM-MD5, use anything with salt.
Aki
2017 Oct 27
1
Password encription
The use of salt, today, is to prevent the attacker from directly seeing
who has same passwords. Of course it also will make a rainbow table
attack less useful, but then again, no one uses rainbow tables anymore
since it takes about few minutes to brute force a password in the cloud
or on your home computer GPU. SHA512-CRYPT uses by default 4000 rounds
on dovecot, to make it more computationally
2020 Aug 30
2
PBKDF2 password hashing as in ASP.NET Core
Thank you for your reply.
It's not that simple, though. Just because some core algorithms are
standardised and should be compatible doesn't mean their use in
different implementations leads to interoperable data. The key point
here seems to be that Dovecot just supports SHA-1 with PBKDF2, not
SHA-256. So I'm out of luck here. The different formats are no longer
relevant then.
2017 Oct 25
3
Password encription
SHA512-CRYPT and PLAIN/LOGIN with SSL.
---Aki TuomiDovecot oy
-------- Original message --------From: "j.emerlik" <j.emerlik at gmail.com> Date: 25/10/2017 12:07 (GMT+02:00) To: Aki Tuomi <aki.tuomi at dovecot.fi> Cc: Dovecot Mailing List <dovecot at dovecot.org> Subject: Re: Password encription
What scheme and mechanism do you recommend?
2017-10-25 11:01 GMT+02:00
2017 Apr 29
2
most secure password scheme
Hello,
I have a few questions on password schemes. Is SHA512 the most secure?
Is there a difference between SHA512 and SHA512-CRYPT? What about
SSHA512 and SSH512-CRYPT?
Is there a problem with this sql statement:
UPDATE virtual_users SET password=CONCAT(?{SHA256-CRYPT}?, ENCRYPT
(?Password Goes Here?, CONCAT(?$5$?, SUBSTRING(SHA(RAND()), -16))))
WHERE user=?user at example.com?;
I'm
2017 Apr 30
2
most secure password scheme
Hello,
Thanks for the explanation. So should I go with SSHA512 or
SHA512-CRYPT? From your explanation i'm interpreting to mean that
SHA512-CRYPT also salts. This is for storing in a mysql database.
Also, what should the password field length and type be set for?
Currently it's varchar(128)
Thanks.
Dave.
On 4/29/17, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
>
>> On April
2017 Oct 30
0
Password encription
> Aki,
(Not speaking for Aki)
> I understand that salted passwords saved in my database and stronger hash
> algorithm course that it will require more processor time/power to crack my
> passwords.
>
> But only when hackers have direct access to my database what means that
> hackers have access to my passwords hashes (eg. hackers stolen my database).
>
> My Dovecot
2015 Mar 31
6
How to decrypt rootpassword form kickstart file
Hi Team,
I have the kick start file where my root password is store like
# Root password
rootpw --iscrypted $1$1SItJOAg$UM9n7lRFK1/OCs./rgQtQ/
# System authorization information
auth --useshadow --passalgo=sha512
Is there any way to decry pt the password and get it as plain text.
I know single user mode works but my case it in remote site.
Thanks,
Jegadeesh
2017 Oct 27
0
Password encription
Aki,
if I understand it well, salt is useful when database is/was stolen ?
Then thief can use eg. rainbow tables to decrypt passwords.
Regards,
Jack
2017-10-27 7:42 GMT+02:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
>
>
> On 27.10.2017 08:37, @lbutlr wrote:
> > On 25 Oct 2017, at 03:11, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
> >> SHA512-CRYPT and PLAIN/LOGIN
2017 Oct 25
1
Password encription
CRAM-MD5 should not be used. Its not terribly secure.
---Aki TuomiDovecot oy
-------- Original message --------From: "j.emerlik" <j.emerlik at gmail.com> Date: 25/10/2017 11:58 (GMT+02:00) To: Aki Tuomi <aki.tuomi at dovecot.fi> Cc: Dovecot Mailing List <dovecot at dovecot.org> Subject: Re: Password encription
Thx Aki,
with CRAP-MD5 as scheme and mechanism?
2015 Feb 04
5
Another Fedora decision
On Wed, Feb 4, 2015 at 4:55 PM, Warren Young <wyml at etr-usa.com> wrote:
>>>
>> There have been remotely exploitable vulnerabilities where an arbitrary file could be read
>
> CVEs, please?
>
> I?m aware of vulnerabilities that allow a remote read of arbitrary files that are readable by the exploited process?s user, but for such an exploit to work on /etc/shadow,
2010 Aug 16
1
Does rsync use encription also for local tranfers?
Hy everybody,
I'm using rsync to backup/synchronize folders to/from USB connected external hard drives.
But I can't find an answer to a doubt.
Does rsync use encription also for local tranfers?
For "local transfer" I mean a transfer that doesn't go through a network like
folders synchronization with external hard drives.
I'm asking because the speed of local transfers
2017 Oct 25
0
Password encription
PLAIN and LOGIN.
---Aki TuomiDovecot oy
-------- Original message --------From: "j.emerlik" <j.emerlik at gmail.com> Date: 25/10/2017 11:41 (GMT+02:00) To: Dovecot Mailing List <dovecot at dovecot.org> Subject: Password encription
Hi,
which authentication mechanism should I use for SHA-256 password schama ?
Regards,
Jack
2017 Oct 25
0
Password encription
Thx Aki,
with CRAP-MD5 as scheme and mechanism it's works corretlly.
2017-10-25 10:52 GMT+02:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
> PLAIN and LOGIN.
>
>
>
> ---
> Aki Tuomi
> Dovecot oy
>
> -------- Original message --------
> From: "j.emerlik" <j.emerlik at gmail.com>
> Date: 25/10/2017 11:41 (GMT+02:00)
> To: Dovecot Mailing
2002 May 14
0
Encription in unix and decryption in windows
Dear all,
First we have to encrypt a file in solaris. That
file i have to decrypt in windows. But problem is in
byte allocation.
If I write this way encContent[0] = buf[3];
encContent[1] = buf[2];
encContent[2] = buf[1];
encContent[3] = buf[0];
encContent[4] = buf[7];
encContent[5] = buf[6];
2017 Oct 25
0
Password encription
Hi,
which authentication mechanism should I use for SHA-256 password schama ?
Regards,
Jack
2017 Oct 27
0
Password encription
On 25 Oct 2017, at 03:11, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
> SHA512-CRYPT and PLAIN/LOGIN with SSL.
I?m happy with SHA256-CRYPT and PLAIN/LOGIN.
--
Apple broke AppleScripting signatures in Mail.app, so no random signatures.
2016 Jul 21
3
Openssh use enumeration
On Thu, Jul 21, 2016 at 12:31 PM, Selphie Keller
<selphie.keller at gmail.com> wrote:
> Ahh i see, just got up to speed on the issue, so seems like the issue is
> related to blowfish being faster then sha family hashing for longer length
> passwords,
or the system's crypt() not understanding $2a$ -style salts, which
most glibcs don't. On those, crypt fails immediately due
2015 Jan 10
5
Moving or "upgrading" from MD5 to SSHA512
Hello, world!
I have a long-running Dovecot & Postfix installation using PostgreSQL back-end.
Until now I've been using MD5 hashing but would like to "upgrade" to the salted SSHA512.
Is there a way to configure Dovecot so that it would automatically detect the type of the hash stored in the database, so that users who have changed their password (and thus being hashed with