Displaying 20 results from an estimated 3000 matches similar to: "PBKDF2 password hashing as in ASP.NET Core"
2020 Aug 30
2
PBKDF2 password hashing as in ASP.NET Core
Thank you for your reply.
It's not that simple, though. Just because some core algorithms are
standardised and should be compatible doesn't mean their use in
different implementations leads to interoperable data. The key point
here seems to be that Dovecot just supports SHA-1 with PBKDF2, not
SHA-256. So I'm out of luck here. The different formats are no longer
relevant then.
2020 Aug 30
0
PBKDF2 password hashing as in ASP.NET Core
> On 29/08/2020 23:49 Yves Goergen <nospam.list at unclassified.de> wrote:
>
>
> Hello,
>
> I'm setting up a new server and, again, seek for a decently secure (from
> a security specialist's POV) way to store and verify user passwords in a
> database. Additionally now, GDPR requires me to use a solid
> state-of-the-art solution.
>
> My OS is
2020 Aug 30
0
PBKDF2 password hashing as in ASP.NET Core
In case you are interested,
https://wiki.dovecot.org/HowTo/ConvertPasswordSchemes
By the way, I am bit sceptical that CRYPT-SHA512 is less secure than PBKDF2.
CRYPT-SHA512 is not "just" SHA512(salt||password), it does at least 1000 rounds of hashing in similar way as PBKDF2 does. So, what is your reasoning for claiming that PBKDF2 is much secure than CRYPT-SHA512?
Also, if you look
2019 Feb 13
3
Using SHA256/512 for SQL based password
On 2/13/19 8:30 AM, Aki Tuomi wrote:
> On 13.2.2019 15.18, Robert Moskowitz via dovecot wrote:
>>
>> On 2/13/19 1:23 AM, Matthias Fechner via dovecot wrote:
>>>
>>> Am 13. Februar 2019 00:34:15 schrieb Robert Moskowitz
>>> <rgm at htt-consult.com>:
>>>
>>>> On 2/12/19 6:03 PM, Matthias Fechner via dovecot wrote:
2019 Feb 13
3
Using SHA256/512 for SQL based password
On 2/13/19 1:23 AM, Matthias Fechner via dovecot wrote:
>
>
> Am 13. Februar 2019 00:34:15 schrieb Robert Moskowitz
> <rgm at htt-consult.com>:
>
>> On 2/12/19 6:03 PM, Matthias Fechner via dovecot wrote:
>>> Am 12.02.2019 um 17:05 schrieb Robert Moskowitz via dovecot:
>>>> I have trying to find how to set the dovecot-sql.conf for using
2019 Feb 20
4
Using SHA256/512 for SQL based password
On 2/19/19 1:50 AM, Aki Tuomi via dovecot wrote:
>
>
> On 17.2.2019 10.46, Aki Tuomi via dovecot wrote:
>>
>>> On 17 February 2019 at 10:38 Odhiambo Washington via dovecot <
>>> dovecot at dovecot.org <mailto:dovecot at dovecot.org>> wrote:
>>>
>>>
>>> On Sun, 17 Feb 2019 at 11:34, Marc Weustink via dovecot <
>>>
2019 Feb 13
1
Using SHA256/512 for SQL based password
On 2/13/19 8:30 AM, Aki Tuomi wrote:
> On 13.2.2019 15.18, Robert Moskowitz via dovecot wrote:
>>
>> On 2/13/19 1:23 AM, Matthias Fechner via dovecot wrote:
>>>
>>> Am 13. Februar 2019 00:34:15 schrieb Robert Moskowitz
>>> <rgm at htt-consult.com>:
>>>
>>>> On 2/12/19 6:03 PM, Matthias Fechner via dovecot wrote:
2019 Feb 14
3
Using SHA256/512 for SQL based password
Jean-Daniel Dupas via dovecot wrote:
>
>
>> Le 13 f?vr. 2019 ? 14:54, Robert Moskowitz via dovecot
>> <dovecot at dovecot.org <mailto:dovecot at dovecot.org>> a ?crit :
>>
>>
>>
>> On 2/13/19 8:30 AM, Aki Tuomi wrote:
>>> On 13.2.2019 15.18, Robert Moskowitz via dovecot wrote:
>>>>
>>>> On 2/13/19 1:23 AM,
2019 Feb 17
3
Using SHA256/512 for SQL based password
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div>
<br>
</div>
<blockquote type="cite">
<div>
On 17 February 2019 at 10:38 Odhiambo Washington via dovecot <
<a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote:
2018 Dec 03
2
dovecot and argon2 encryption
I am using a FreeBSD 11-2 amd/64 system with dovecot version 2.3.4 installed.
I was playing around with different encryption schemes.
doveadm pw -l
SHA1 SSHA512 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA RPA DES-CRYPT CRYPT SSHA
MD5-CRYPT SKEY PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 LANMAN SHA512-CRYPT CLEAR
CLEARTEXT SSHA256 NTLM MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SHA256-CRYPT
SMD5 DIGEST-MD5
2018 Dec 04
1
dovecot and argon2 encryption
On 12/4/18, 1:14 AM, "dovecot on behalf of Aki Tuomi" <dovecot-bounces at dovecot.org on behalf of aki.tuomi at open-xchange.com> wrote:
On 3.12.2018 22.24, Jerry wrote:
> I am using a FreeBSD 11-2 amd/64 system with dovecot version 2.3.4 installed.
> I was playing around with different encryption schemes.
>
> doveadm pw -l
> SHA1
2013 May 23
1
Time for key stretching in encrypted private keys?
In 0.9.7 the private key encryption was switched from 3DES to AES,
(https://bugzilla.mindrot.org/show_bug.cgi?id=1550) the motivation for this
being that 128-bits of security is better than the 112 or so you get from
3DES these days. Interestingly that bug is about upgrading to AES-256, but
we ended up with AES-128. Presumably due to the Solaris crippling?
However ssh-keygen still uses a
2019 Feb 13
0
Using SHA256/512 for SQL based password
> Le 13 f?vr. 2019 ? 14:54, Robert Moskowitz via dovecot <dovecot at dovecot.org> a ?crit :
>
>
>
> On 2/13/19 8:30 AM, Aki Tuomi wrote:
>> On 13.2.2019 15.18, Robert Moskowitz via dovecot wrote:
>>>
>>> On 2/13/19 1:23 AM, Matthias Fechner via dovecot wrote:
>>>>
>>>> Am 13. Februar 2019 00:34:15 schrieb Robert Moskowitz
2019 Feb 20
0
Using SHA256/512 for SQL based password
> On 20 February 2019 15:10 Robert Moskowitz via dovecot <dovecot at dovecot.org> wrote:
>
>
>
>
>
> On 2/19/19 1:50 AM, Aki Tuomi via dovecot wrote:
>
>
> >
> >
> >
> > On 17.2.2019 10.46, Aki Tuomi via dovecot wrote:
> >
> >
> > >
> > >
> > >
> > > > On 17 February
2019 Feb 17
0
Using SHA256/512 for SQL based password
On Sun, 17 Feb 2019 at 11:34, Marc Weustink via dovecot <dovecot at dovecot.org>
wrote:
> Jean-Daniel Dupas via dovecot wrote:
> >
> >
> >> Le 13 f?vr. 2019 ? 14:54, Robert Moskowitz via dovecot
> >> <dovecot at dovecot.org <mailto:dovecot at dovecot.org>> a ?crit :
> >>
> >>
> >>
> >> On 2/13/19 8:30 AM, Aki
2019 Feb 13
0
Using SHA256/512 for SQL based password
On 13.2.2019 15.18, Robert Moskowitz via dovecot wrote:
>
>
> On 2/13/19 1:23 AM, Matthias Fechner via dovecot wrote:
>>
>>
>> Am 13. Februar 2019 00:34:15 schrieb Robert Moskowitz
>> <rgm at htt-consult.com>:
>>
>>> On 2/12/19 6:03 PM, Matthias Fechner via dovecot wrote:
>>>> Am 12.02.2019 um 17:05 schrieb Robert Moskowitz via
2012 Jun 08
13
Default password hash
We still have MD5 as our default password hash, even though known-hash
attacks against MD5 are relatively easy these days. We've supported
SHA256 and SHA512 for many years now, so how about making SHA512 the
default instead of MD5, like on most Linux distributions?
Index: etc/login.conf
===================================================================
--- etc/login.conf (revision
2018 Nov 11
1
Multiple grub2 Users with Passwords
Hello All,
I am trying to set multiple users with passwords for modifying grub2
menu entries at boot. I know I can set a "root" user grub2 password with
grub2-setpassword. I have also been able to make a grub2 user password
using the grub2-mkpasswd-pbkdf2 command and adding
??? set superusers="user1"
to the /etc/grub.d/40_custom file. However, I have multiple user
2014 Jul 25
1
improving passphrase protected private keys
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I got a proposal
for a slight different default
private key encryption protocol.
Here is my understanding what
ssh-keygen currently does.
According to this article:
http://martin.kleppmann.com/2013/05/24/improving-security-of-ssh-private-keys.html
when you create a new key with a
passphrase to protect it, ssh-keygen
uses a hard-coded openssl
2013 Mar 19
1
Help me about Bcrypt-ruby
I''m create a login form using Bcrypt-ruby but have error:
uninitialized constant User::BCrypt
I had setup Bcrypt-ruby in Gemfile
gem "bcrypt-ruby", :require => "bcrypt"
and restart,rake db:migrate but not run.I had run bundle:install,bundle:
update and see Bcrypt had installed.
i''m afraid that i use gem ''rails'',