Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-05 Thread Pascal Volk
On 01/05/2012 12:31 PM Charles Marcus wrote: > … > You said above that 'yes, I can use it with dovecot' - but what about > postfix and mysql... where/how do they fit into this mix? My thought was > that there are two issues here: > > 1. Storing them in bcrypted form, and For MySQL the bcrypted

Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-05 Thread Willie Gillespie
On 01/05/2012 11:36 AM, Charles Marcus wrote: On 2012-01-05 11:21 AM, Willie Gillespie wrote: If the phone knows the password and I have the phone, then I have the password. Similarly, if I compromise the workstation that knows the password, then I also have the password. Interesting... I tho

Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-05 Thread David Ford
On 01/05/2012 01:37 PM, Charles Marcus wrote: > On 2012-01-05 11:31 AM, Michael Orlitzky wrote: >> Ugh, sorry. I went to the link that someone else quoted: >> >> https://www.grc.com/haystack.htm > >> Gibson *is* a renowned crackpot. > > Don't know about that, but I do know from long experience

Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-05 Thread Charles Marcus
On 2012-01-05 11:31 AM, Michael Orlitzky wrote: Ugh, sorry. I went to the link that someone else quoted: https://www.grc.com/haystack.htm Gibson *is* a renowned crackpot. Don't know about that, but I do know from long experience Spinrite rocks! Maybe -- Best regards, Charles

Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-05 Thread Charles Marcus
On 2012-01-05 11:21 AM, Willie Gillespie wrote: If the phone knows the password and I have the phone, then I have the password. Similarly, if I compromise the workstation that knows the password, then I also have the password. Interesting... I thought they were stored encrypted. I definitely u

[Dovecot] Strange error: DIGEST-MD5 mechanism can't be supported with given passdbs

2012-01-05 Thread Yubao Liu
Hi all, I have no idea about that message, here is my configuration, what's wrong? Debian testing, Dovecot 2.0.15 $ doveconf -n # 2.0.15: /etc/dovecot/dovecot.conf # OS: Linux 3.1.0-1-686-pae i686 Debian wheezy/sid auth_default_realm = corp.example.com auth_krb5_keytab = /etc/dovecot.keytab aut

Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-05 Thread Michael Orlitzky
On 01/05/12 11:14, Charles Marcus wrote: > > Ummm... yes, he does... from tfa: > > "Salts Will Not Help You > > It’s important to note that salts are useless for preventing dictionary > attacks or brute force attacks. You can use huge salts or many salts or > hand-harvested, shade-grown, organic

Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-05 Thread Willie Gillespie
On 1/5/2012 9:14 AM, Charles Marcus wrote: On 2012-01-05 10:28 AM, Michael Orlitzky wrote: On 01/05/12 06:26, Charles Marcus wrote: You realize they're just walking around with a $400 post-it note with the password written on it, right? Nope, you are wrong - as I have patiently explained be

Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-05 Thread Charles Marcus
On 2012-01-05 10:28 AM, Michael Orlitzky wrote: On 01/05/12 06:26, Charles Marcus wrote: To prevent rainbow table attacks, salt your passwords. You can make them a little bit more difficult in plenty of ways, but salt is the /solution/. Go read that link (you obviously didn't yet, because he

Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-05 Thread Michael Orlitzky
On 01/05/12 10:28, Michael Orlitzky wrote: >> >> Nope, you are wrong - as I have patiently explained before. They do not >> *need* to write their password down. >> > > They have them written down on their phones. If someone gets a hold of > the phone, he can just read the password off of it. I sh

Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-05 Thread Michael Orlitzky
On 01/04/12 21:06, Patrick Domack wrote: > > But still, the results are all the same, if they get the hash, it can be > broken, given time. Using more cpu expensive methods make it take longer > (like adding salt, more complex hash). But the end result is they will > have it if they want it. > U

Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-05 Thread Michael Orlitzky
On 01/05/12 06:26, Charles Marcus wrote: > >> To prevent rainbow table attacks, salt your passwords. You can make them >> a little bit more difficult in plenty of ways, but salt is the >> /solution/. > > Go read that link (you obviously didn't yet, because he claims that > salting passwords is ne

Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-05 Thread Patrick Domack
Quoting Noel Butler: On Thu, 2012-01-05 at 04:05 +0100, Pascal Volk wrote: On 01/05/2012 03:36 AM Noel Butler wrote: > > Because with multiple servers, we store them all in (replicated) > mysql :) (the same with postfix/dovecot). > and as I'm sure you are aware, Apache does not understand s

Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-05 Thread Charles Marcus
On 2012-01-04 8:19 PM, Pascal Volk wrote: On 01/03/2012 09:40 PM Charles Marcus wrote: Hi everyone, Was just perusing this article about how trivial it is to decrypt passwords that are stored using most (standard) encryption methods (like MD5), and was wondering - is it possible to use bcrypt

Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-05 Thread Charles Marcus
On 2012-01-03 8:58 PM, Michael Orlitzky wrote: On 01/03/2012 08:25 PM, Charles Marcus wrote: What I'm worried about is the worst case scenario of someone getting ahold of the entire user database of *stored* passwords, where they can then take their time and brute force them at their leisure, o

Re: [Dovecot] Storing passwords encrypted... bcrypt?

2012-01-05 Thread Charles Marcus
On 2012-01-03 8:37 PM, David Ford wrote: part of my point along that of brute force resistance, is that when security becomes onerous to the typical user such as requiring non-repeat passwords of "10 characters including punctuation and mixed case", even stalwart policy followers start tending t

Re: [Dovecot] dovecot-lda error

2012-01-05 Thread e-frog
On 05.01.2012 08:45, wrote Wesley M.: Hi, Hi, I use Dovecot 2.0.13 on OpenBSD 5.0 When I try to send emails I have the following error in /var/log/maillog Jan 5 11:23:49 mail50 postfix/pipe[29423]: D951842244C: to=, relay=dovecot, delay=0.02, delays=0.01/0/0/0.01, dsn=5.3.0, status=bounce