Sorry, I hate to do this.
I later posted to the list about the fact that vpopmail only uses DES. Matt
Simerson said "it is silly to say that DES is insecure" and I disagreed. He
then sent me a hashed password string betting me to crack it, and it turned
out to be a BSD MD5 (what an iodiot).
Now, back to topic.
IF ANYONE HAS SUCCESSFULLY USED MD5 WITH VPOPMAIL, POST TO THE FREAKING
LIST. Excuse me!
Matt, I know you are going to trip out again. But, you seriously lack
security insight. You cannot protect a box by disallowing pings to it.
Security by obscurity is old fashioned. Same thing with using an 8 character
password for your postmaster accounts (assuming that you do use the full 8
characters that DES allows you).
Want more details, here is a very nice article about DES INSECURITIES by the
FreeS/WAN Fellows:
http://www.freeswan.org/freeswan_trees/freeswan-1.5/doc/DES.html
Please, stop talking about your great inventions ssh'ing your pop server
connections. If you administered hotmail or yahoo, would you do that?
Best Regards
Tamer Hassan
The only secure computer is one that's unplugged, locked in a safe,
and buried 20 feet under the ground in a secret location... and i'm
not even too sure about that one"--Dennis Huges, FBI.
