similar to: Password encription

Aki Tuomi wrote: > The use of salt, today, is to prevent the attacker from directly seeing > who has same passwords. Of course it also will make a rainbow table > attack less useful, Not just less useful, but almost infeasible. Given the use of random salts, you would have to generate (number of possible salts) rainbow tables. This drastically changes the CPU/storage tradeoffs. >

> On October 27, 2017 at 11:27 PM Joseph Tam <jtam.home at gmail.com> wrote: > > > Aki Tuomi wrote: > > > The use of salt, today, is to prevent the attacker from directly seeing > > who has same passwords. Of course it also will make a rainbow table > > attack less useful, > > Not just less useful, but almost infeasible. Given the use of random

CRAM-MD5 should not be used. Its not terribly secure. ---Aki TuomiDovecot oy -------- Original message --------From: "j.emerlik" <j.emerlik at gmail.com> Date: 25/10/2017 11:58 (GMT+02:00) To: Aki Tuomi <aki.tuomi at dovecot.fi> Cc: Dovecot Mailing List <dovecot at dovecot.org> Subject: Re: Password encription Thx Aki, with CRAP-MD5 as scheme and mechanism?

SHA512-CRYPT and PLAIN/LOGIN with SSL. ---Aki TuomiDovecot oy -------- Original message --------From: "j.emerlik" <j.emerlik at gmail.com> Date: 25/10/2017 12:07 (GMT+02:00) To: Aki Tuomi <aki.tuomi at dovecot.fi> Cc: Dovecot Mailing List <dovecot at dovecot.org> Subject: Re: Password encription What scheme and mechanism do you recommend? 2017-10-25 11:01 GMT+02:00

Hy everybody, I'm using rsync to backup/synchronize folders to/from USB connected external hard drives. But I can't find an answer to a doubt. Does rsync use encription also for local tranfers? For "local transfer" I mean a transfer that doesn't go through a network like folders synchronization with external hard drives. I'm asking because the speed of local transfers

PLAIN and LOGIN. ---Aki TuomiDovecot oy -------- Original message --------From: "j.emerlik" <j.emerlik at gmail.com> Date: 25/10/2017 11:41 (GMT+02:00) To: Dovecot Mailing List <dovecot at dovecot.org> Subject: Password encription Hi, which authentication mechanism should I use for SHA-256 password schama ? Regards, Jack

Thx Aki, with CRAP-MD5 as scheme and mechanism it's works corretlly. 2017-10-25 10:52 GMT+02:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > PLAIN and LOGIN. > > > > --- > Aki Tuomi > Dovecot oy > > -------- Original message -------- > From: "j.emerlik" <j.emerlik at gmail.com> > Date: 25/10/2017 11:41 (GMT+02:00) > To: Dovecot Mailing

Dear all, First we have to encrypt a file in solaris. That file i have to decrypt in windows. But problem is in byte allocation. If I write this way encContent[0] = buf[3]; encContent[1] = buf[2]; encContent[2] = buf[1]; encContent[3] = buf[0]; encContent[4] = buf[7]; encContent[5] = buf[6];

Hi, which authentication mechanism should I use for SHA-256 password schama ? Regards, Jack

On 25 Oct 2017, at 03:11, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > SHA512-CRYPT and PLAIN/LOGIN with SSL. I?m happy with SHA256-CRYPT and PLAIN/LOGIN. -- Apple broke AppleScripting signatures in Mail.app, so no random signatures.

On 27.10.2017 08:37, @lbutlr wrote: > On 25 Oct 2017, at 03:11, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: >> SHA512-CRYPT and PLAIN/LOGIN with SSL. > I?m happy with SHA256-CRYPT and PLAIN/LOGIN. > Yes. SHA256-CRYPT is good too. It was just recommendation over using CRAM-MD5, use anything with salt. Aki

Aki, if I understand it well, salt is useful when database is/was stolen ? Then thief can use eg. rainbow tables to decrypt passwords. Regards, Jack 2017-10-27 7:42 GMT+02:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > > > On 27.10.2017 08:37, @lbutlr wrote: > > On 25 Oct 2017, at 03:11, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > >> SHA512-CRYPT and PLAIN/LOGIN

The use of salt, today, is to prevent the attacker from directly seeing who has same passwords. Of course it also will make a rainbow table attack less useful, but then again, no one uses rainbow tables anymore since it takes about few minutes to brute force a password in the cloud or on your home computer GPU. SHA512-CRYPT uses by default 4000 rounds on dovecot, to make it more computationally

Hello Fach, I have used openvpn for a while and in the new release thereis a feature called "server mode" that makes posible to have a full network of vpn links besides a single TUN/TAP adaptor (a pure software NIC) in the server. I haven't used that feature, but I think this is what you need. Also openvpn runs on linux, *bsd, solaris, windows, and maybe in other OS. Miguel >

On 04.02.19 23:56, Michael S. Tsirkin wrote: > > On Wed, Jan 09, 2019 at 08:17:31PM +0530, Pankaj Gupta wrote: >> This patch series has implementation for "virtio pmem". >> "virtio pmem" is fake persistent memory(nvdimm) in guest >> which allows to bypass the guest page cache. This also >> implements a VIRTIO based asynchronous flush

Hi Michael, Thanks for looking into this and summarizing in detail. > > This patch series has implementation for "virtio pmem". > > "virtio pmem" is fake persistent memory(nvdimm) in guest > > which allows to bypass the guest page cache. This also > > implements a VIRTIO based asynchronous flush mechanism. > > > At Pankaj's request

Hello, My team and I have recently published an LLVM-based tool at “Cryptography and Security in Computing Systems 2016” (CS2), and we would like to add it on the list of LLVM related publications. The goal of our tool is to automatically protect the code being compiled against fault injection attacks *Title:* Compilation of a Countermeasure Against Instruction-Skip Fault Attacks Available

Hi, I have the SSH Terrapin Prefix Truncation Weakness on Red Hat Enterprise Linux release 8.7 (Ootpa). The details are as follows. # rpm -qa | grep openssh openssh-8.0p1-16.el8.x86_64 openssh-askpass-8.0p1-16.el8.x86_64 openssh-server-8.0p1-16.el8.x86_64 openssh-clients-8.0p1-16.el8.x86_64 # cat /etc/redhat-release Red Hat Enterprise Linux release 8.7 (Ootpa) # SSH Terrapin Prefix Truncation

On Wed, Jan 09, 2019 at 08:17:31PM +0530, Pankaj Gupta wrote: > This patch series has implementation for "virtio pmem". > "virtio pmem" is fake persistent memory(nvdimm) in guest > which allows to bypass the guest page cache. This also > implements a VIRTIO based asynchronous flush mechanism. At Pankaj's request I looked at information leak

On 2020-04-22 5:29 a.m., Johannes Rohr wrote: > Dear all, > > what are the key strategies for intrusion prevention and detection with > dovecot, apart from installing fail2ban? > It is a pity that the IMAP protocol does not support 2 factor > authentication, which seems to stop 90% of intrusion attempts in their > tracks. Without it, if someone has obtained your password and