Aki,
(Not speaking for Aki)
I understand that salted passwords saved in my database and stronger hash
algorithm course that it will require more processor time/power to crack my
passwords.
But only when hackers have direct access to my database what means that
hackers have access to my passwo
Aki,
I understand that salted passwords saved in my database and stronger hash
algorithm course that it will require more processor time/power to crack my
passwords.
But only when hackers have direct access to my database what means that
hackers have access to my passwords hashes (eg. hackers stol
On Sat, 28 Oct 2017, Aki Tuomi wrote:
A random article on the internet ...
That would be funny to see in a bibliography. "Accoring to [RANDOM] ..."
says it's rather feasible if you want passwords cracked. Of course if
the passwords are longer than, say, 8 characters, it becomes less
feasib
> On October 27, 2017 at 11:27 PM Joseph Tam wrote:
>
>
> Aki Tuomi wrote:
>
> > The use of salt, today, is to prevent the attacker from directly seeing
> > who has same passwords. Of course it also will make a rainbow table
> > attack less useful,
>
> Not just less useful, but almost infeasi
Aki Tuomi wrote:
The use of salt, today, is to prevent the attacker from directly seeing
who has same passwords. Of course it also will make a rainbow table
attack less useful,
Not just less useful, but almost infeasible. Given the use of random
salts, you would have to generate (number of po
You mean that today they using encrypted passwords to seeing
who has same passwords using brute force, hashes dictionary attack ?
2017-10-27 8:57 GMT+02:00 Aki Tuomi :
> The use of salt, today, is to prevent the attacker from directly seeing
> who has same passwords. Of course it also will make a
The use of salt, today, is to prevent the attacker from directly seeing
who has same passwords. Of course it also will make a rainbow table
attack less useful, but then again, no one uses rainbow tables anymore
since it takes about few minutes to brute force a password in the cloud
or on your home
Aki,
if I understand it well, salt is useful when database is/was stolen ?
Then thief can use eg. rainbow tables to decrypt passwords.
Regards,
Jack
2017-10-27 7:42 GMT+02:00 Aki Tuomi :
>
>
> On 27.10.2017 08:37, @lbutlr wrote:
> > On 25 Oct 2017, at 03:11, Aki Tuomi wrote:
> >> SHA512-CRYPT an
On 27.10.2017 08:37, @lbutlr wrote:
> On 25 Oct 2017, at 03:11, Aki Tuomi wrote:
>> SHA512-CRYPT and PLAIN/LOGIN with SSL.
> I’m happy with SHA256-CRYPT and PLAIN/LOGIN.
>
Yes. SHA256-CRYPT is good too. It was just recommendation over using
CRAM-MD5, use anything with salt.
Aki
On 25 Oct 2017, at 03:11, Aki Tuomi wrote:
> SHA512-CRYPT and PLAIN/LOGIN with SSL.
I’m happy with SHA256-CRYPT and PLAIN/LOGIN.
--
Apple broke AppleScripting signatures in Mail.app, so no random signatures.
i Tuomi
> Cc: Dovecot Mailing List Subject: Re: Password
> encription
> What scheme and mechanism do you recommend?
>
> 2017-10-25 11:01 GMT+02:00 Aki Tuomi :
>
> > CRAM-MD5 should not be used. Its not terribly secure.
> >
> >
> > ---Aki TuomiDovecot oy
>
SHA512-CRYPT and PLAIN/LOGIN with SSL.
---Aki TuomiDovecot oy
Original message From: "j.emerlik" Date:
25/10/2017 12:07 (GMT+02:00) To: Aki Tuomi Cc: Dovecot
Mailing List Subject: Re: Password encription
What scheme and mechanism do you recommend?
2017-10-25 11
To: Aki Tuomi
> Cc: Dovecot Mailing List Subject: Re: Password
> encription
> Thx Aki,
> with CRAP-MD5 as scheme and mechanism it's works corretlly.
>
> 2017-10-25 10:52 GMT+02:00 Aki Tuomi :
>
> > PLAIN and LOGIN.
> >
> >
> >
> > ---
> >
CRAM-MD5 should not be used. Its not terribly secure.
---Aki TuomiDovecot oy
Original message From: "j.emerlik" Date:
25/10/2017 11:58 (GMT+02:00) To: Aki Tuomi Cc: Dovecot
Mailing List Subject: Re: Password encription
Thx Aki,
with CRAP-MD5 as scheme and mecha
017 11:41 (GMT+02:00)
> To: Dovecot Mailing List
> Subject: Password encription
>
> Hi,
> which authentication mechanism should I use for SHA-256 password schama ?
> Regards,
> Jack
>
PLAIN and LOGIN.
---Aki TuomiDovecot oy
Original message From: "j.emerlik" Date:
25/10/2017 11:41 (GMT+02:00) To: Dovecot Mailing List
Subject: Password encription
Hi,
which authentication mechanism should I use for SHA-256 password schama ?
Regards,
Jack
Hi,
which authentication mechanism should I use for SHA-256 password schama ?
Regards,
Jack
17 matches
Mail list logo
