Re: Pre-boot authentication / geli-aware bootcode

2012-06-15 Thread Gleb Kurtsou
On (15/06/2012 15:39), Aaron Zauner wrote: > AFAIK you'd need something similary to initrd > (http://en.wikipedia.org/wiki/Initrd), which, to the best of my > knowledge, does not currently exist in freebsd. FreeBSD well supports booting from memory disk which can be either embedded in kernel itsel

Re: Default password hash

2012-06-11 Thread Gleb Kurtsou
On (11/06/2012 12:43), Simon L. B. Nielsen wrote: > On Sun, Jun 10, 2012 at 3:53 PM, Gleb Kurtsou wrote: [...] > > Do you mean pkcs5v2_calculate from geli? It seems to have a drawback > > Correct. > > > that results produced depend on actual CPU load. > > That

Re: Default password hash

2012-06-11 Thread Gleb Kurtsou
On (11/06/2012 12:51), Simon L. B. Nielsen wrote: > On Mon, Jun 11, 2012 at 11:44 AM, Lev Serebryakov wrote: > > Hello, Simon. > > You wrote 10 июня 2012 г., 14:02:50: > > > > SLBN> Has anyone looked at how long the SHA512 password hashing > > SLBN> actually takes on modern computers? > >  Modern

Re: Default password hash

2012-06-10 Thread Gleb Kurtsou
On (10/06/2012 11:02), Simon L. B. Nielsen wrote: > > On 8 Jun 2012, at 13:51, Dag-Erling Smørgrav wrote: > > > We still have MD5 as our default password hash, even though known-hash > > attacks against MD5 are relatively easy these days. We've supported > > SHA256 and SHA512 for many years now,

Re: OpenSSL change for review.

2012-06-09 Thread Gleb Kurtsou
On (31/05/2012 21:48), Pawel Jakub Dawidek wrote: > As learned on someone else's mistakes, I'd like to ask for a review of > those changes related to random data handling: > > http://people.freebsd.org/~pjd/patches/libc_arc4random.c.patch > http://people.freebsd.org/~pjd/patches/openss

Re: PAM modules

2011-09-21 Thread Gleb Kurtsou
On (20/09/2011 17:51), Xin LI wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On 09/20/11 14:19, Dag-Erling Smørgrav wrote: > > Xin LI writes: > >> The main concern I have is that users might want to stay on an > >> older FreeBSD release, while wanting features of a new OpenLDAP. >

Re: limiting pop access to gmail servers ?

2011-05-02 Thread Gleb Kurtsou
On Mon, May 2, 2011 at 4:55 AM, George Sanders wrote: > > > We run our own (freebsd) mail server.  It's a pretty classic, old fashioned > /var/mail/username setup. > > We have enabled POP so that certain people can pop their mail from us, and use > gmail as their mail client. > > However, we have