Re: How to check which version of openssl is getting compiled in into dovecot?

2017-10-27 Thread @lbutlr
> On Oct 27, 2017, at 12:33 AM, Aki Tuomi wrote: > > > > On 27.10.2017 00:53, krz...@gmail.com wrote: >> I got multiple versions of openssl in my system. I compile dovecot with >> PKG_CONFIG_PATH=/usr/openssl-1.0.2l-fpic/lib/pkgconfig ./configure >> >> How do I check which version of openssl

Re: How to check which version of openssl is getting compiled in into dovecot?

2017-10-27 Thread Aki Tuomi
On 27.10.2017 10:07, @lbutlr wrote: > >> On Oct 27, 2017, at 12:33 AM, Aki Tuomi wrote: >> >> >> >> On 27.10.2017 00:53, krz...@gmail.com wrote: >>> I got multiple versions of openssl in my system. I compile dovecot with >>> PKG_CONFIG_PATH=/usr/openssl-1.0.2l-fpic/lib/pkgconfig ./configure >>>

Re: How to check which version of openssl is getting compiled in into dovecot?

2017-10-27 Thread @lbutlr
> On Oct 27, 2017, at 1:09 AM, Aki Tuomi wrote: > > > > On 27.10.2017 10:07, @lbutlr wrote: >> >>> On Oct 27, 2017, at 12:33 AM, Aki Tuomi wrote: >>> >>> >>> >>> On 27.10.2017 00:53, krz...@gmail.com wrote: I got multiple versions of openssl in my system. I compile dovecot with

secure setup for imap hibernation

2017-10-27 Thread Arkadiusz Miśkiewicz
Hi. What's the approach for securely enabling imap hibernation in case when each user uses different uid and gid? Looks like none and 0666 on hibernation and imap master sockets is the only way? Thanks, -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )

Re: Password encription

2017-10-27 Thread j.emerlik
You mean that today they are using encrypted passwords to see who has same passwords using brute force, hashes dictionary attack? 2017-10-27 8:57 GMT+02:00 Aki Tuomi : > The use of salt, today, is to prevent the attacker from directly seeing > who has same passwords. Of course it also will make a

Re: secure setup for imap hibernation

2017-10-27 Thread Aki Tuomi
On 27.10.2017 11:20, Arkadiusz Miśkiewicz wrote: > Hi. > > What's the approach for securely enabling imap hibernation in case when each > user uses different uid and gid? > > Looks like none and 0666 on hibernation and imap master sockets is the only > way? > > Thanks, That's the only way, yes

Re: secure setup for imap hibernation

2017-10-27 Thread Arkadiusz Miśkiewicz
On Friday 27 of October 2017, Aki Tuomi wrote: > On 27.10.2017 11:20, Arkadiusz Miśkiewicz wrote: > > Hi. > > > > What's the approach for securely enabling imap hibernation in case when > > each user uses different uid and gid? > > > > Looks like none and 0666 on hibernation and imap master socke

Re: secure setup for imap hibernation

2017-10-27 Thread Aki Tuomi
On 27.10.2017 12:32, Arkadiusz Miśkiewicz wrote: > On Friday 27 of October 2017, Aki Tuomi wrote: >> On 27.10.2017 11:20, Arkadiusz Miśkiewicz wrote: >>> Hi. >>> >>> What's the approach for securely enabling imap hibernation in case when >>> each user uses different uid and gid? >>> >>> Looks lik

Re: How to check which version of openssl is getting compiled in into dovecot?

2017-10-27 Thread krz...@gmail.com
>> You can check with ldd /usr/lib/dovecot/imap-login (or libexec) No, I can't because I'm compiling dovecot with openssl compiled as FPIC which means that it's not getting dynamically linked. When I try to compile against non-fpic openssl I just got /usr/openssl-1.0.2l/lib/libssl.a(s23_srvr.o): rel

Re: How to check which version of openssl is getting compiled in into dovecot?

2017-10-27 Thread krz...@gmail.com
Correction. Even though I compile against fpic version of openssl imap-login binary is still dynamically linked :/ root@sv1 [/usr/dovecot-2.2.33.2/libexec/dovecot]# ldd imap-login|grep ssl libssl.so.1.0.0 => /lib64/libssl.so.1.0.0 (0x7f1428559000) I've put new libssl.so.1.0.0 in this l

Re: How to check which version of openssl is getting compiled in into dovecot?

2017-10-27 Thread krz...@gmail.com
Never mind. It was old /lib64/libcrypto.so.1.0.0 which is dynamically linked when running imap-login

Need help in understanding auth digest-md5 and realm

2017-10-27 Thread Admin Beckspaced
Hello dovecot community, I've set up dovecot and need a bit of help in understanding the auth mechanism digest-md5 and realm in 10-auth.conf I got auth_mechanisms = plain login digest-md5 cram-md5 apop #auth_realms = #auth_default_realm = So I got empty realms. Auth normally works fine and clie

Re: Need help in understanding auth digest-md5 and realm

2017-10-27 Thread Aki Tuomi
> On October 27, 2017 at 6:00 PM Admin Beckspaced wrote: > > > Hello dovecot community, > > I've set up dovecot and need a bit of help in understanding the auth > mechanism digest-md5 and realm > > in 10-auth.conf I got > > auth_mechanisms = plain login digest-md5 cram-md5 apop > #auth_realms =

Re: Password encription

2017-10-27 Thread Joseph Tam
Aki Tuomi wrote: The use of salt, today, is to prevent the attacker from directly seeing who has same passwords. Of course it also will make a rainbow table attack less useful, Not just less useful, but almost infeasible. Given the use of random salts, you would have to generate (number of po

Re: Password encription

2017-10-27 Thread Aki Tuomi
> On October 27, 2017 at 11:27 PM Joseph Tam wrote: > > > Aki Tuomi wrote: > > > The use of salt, today, is to prevent the attacker from directly seeing > > who has same passwords. Of course it also will make a rainbow table > > attack less useful, > > Not just less useful, but almost infeasi

Re: Password encription

2017-10-27 Thread Joseph Tam
On Sat, 28 Oct 2017, Aki Tuomi wrote: A random article on the internet ... That would be funny to see in a bibliography. "According to [RANDOM] ..." says it's rather feasible if you want passwords cracked. Of course if the passwords are longer than, say, 8 characters, it becomes less feasib

Re: Need help in understanding auth digest-md5 and realm

2017-10-27 Thread Admin Beckspaced
On 27.10.2017 20:35, Aki Tuomi wrote: On October 27, 2017 at 6:00 PM Admin Beckspaced wrote: Hello dovecot community, ... If someone could shed some light on this I would be more than grateful ;) Thanks & greetings Becki We actually discovered that Android has a bug with DIGEST-MD5, which