Re: Building a Stable Secure FreeBSD Mail server
The MTA is PostFix http://bsdhound.com/downloads/Creating_a_Stable_Secure_FreeBSD_Mailserver.pdf Document date is 10/17/2003 So it is not to old. So far it is pretty accurate. Thank you, Joshua Lewis dave > Hi, > What mail server was this doc dealing with and can you give me the > address? Some clues as to the age is what version of fbsd was being > discussed, currently 4.10 is production stable while 5.2.1 is new > technology, even though i use that on my production systems. > Not sure as to the difference between md5 and blf password hashing, i > do > know that they both are methods of encrypting a password and supposedly > blf > is more secure but it also doesn't have compatibility with anything else. > HTH. > Dave. > > ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Building a Stable Secure FreeBSD Mail server
On Sat, 26 Jun 2004 02:07:13 -0600, Joshua Lewis <[EMAIL PROTECTED]> wrote: ... "I like to change the default algorithm used when encrypting a user's password to the blowfish algorithm, as it provides the highest security at the greatest speed. Is this an accurate statement? My current passwd_format is set to md5 and I thought md5 was like "Da Bomb"(Ok white guy trying to be funny here). ... Well, I'm no expert, but I stumbled across something interesting the other day after installing /usr/ports/security/john. It's a password cracker with a benchmarking component: procyon# john --test Benchmarking: Traditional DES [64/64 BS MMX]... DONE Many salts: 301915 c/s real, 302860 c/s virtual Only one salt: 258079 c/s real, 258483 c/s virtual Benchmarking: BSDI DES (x725) [64/64 BS MMX]... DONE Many salts: 10083 c/s real, 10099 c/s virtual Only one salt: 9830 c/s real, 9923 c/s virtual Benchmarking: FreeBSD MD5 [32/32]... DONE Raw:2375 c/s real, 2382 c/s virtual Benchmarking: OpenBSD Blowfish (x32) [32/32]... DONE Raw:139 c/s real, 140 c/s virtual Benchmarking: Kerberos AFS DES [48/64 4K MMX]... DONE Short: 59810 c/s real, 59997 c/s virtual Long: 200442 c/s real, 201069 c/s virtual Benchmarking: NT LM DES [64/64 BS MMX]... DONE Raw:1849998 c/s real, 1852889 c/s virtual Obviously, the security of an encryption algorithm is a many-splendoured thing, etc., but the above results seem to indicate that brute-forcing Blowfish is many times more computationally intensive (i.e. 'harder') than brute-forcing MD5. That's if I'm reading it right; I'm assuming c/s = "combinations per second". There's no man page and the internet frightens and confuses me. I really doubt Blowfish is =faster= than MD5 when encrypting. -- Danny MacMillan ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Building a Stable Secure FreeBSD Mail server
Chris <[EMAIL PROTECTED]> wrote: > On Saturday 26 June 2004 09:43 am, Joey Mingrone wrote: > > A little googling turned up: > > http://gene.wins.uva.nl/~jmsteggi/Creating_a_Stable_Secure_FreeBSD_Mailserv > >er.pdf > > Ahh yes - this IS a good doc. I have had it for a few months. I was hoping > that it might have been an updated version. None the less, it's one doc that > I keep in my "Keep" directory. Like many documents, it's both good and bad. The author gives an excellent (and complete) description of setuid/gid, permissions, and flags ... but then he goes on to arbitrarily announce that you should increase both send and receive TCP buffers to 64k, with no explanation. Jacking these values up is not always a good idea, and I doubt if it's a good idea with a mail server. -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Building a Stable Secure FreeBSD Mail server
On Saturday 26 June 2004 09:43 am, Joey Mingrone wrote: > A little googling turned up: > http://gene.wins.uva.nl/~jmsteggi/Creating_a_Stable_Secure_FreeBSD_Mailserv >er.pdf Ahh yes - this IS a good doc. I have had it for a few months. I was hoping that it might have been an updated version. None the less, it's one doc that I keep in my "Keep" directory. -- Best regards, Chris -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Building a Stable Secure FreeBSD Mail server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A little googling turned up: http://gene.wins.uva.nl/~jmsteggi/Creating_a_Stable_Secure_FreeBSD_Mailserver.pdf joey On June 26, 2004 11:35, Chris wrote: > On Saturday 26 June 2004 03:07 am, Joshua Lewis wrote: > > I have located what I feel is a very complete document on Building a > > Stable Secure FreeBSD Mail server (That happens to be the name of the Doc > > too. Go figure) > > Perhaps you might like to share the location of this document with the > list? > > -- > Best regards, > Chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFA3YuD0NQPEWppBZsRAk2QAJ9khqzA7cIGYzdNaB42bz05BB239gCeLBzI rFj+cPdeCcX4ubxODy6lS1Y= =Z+gM -END PGP SIGNATURE- ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Building a Stable Secure FreeBSD Mail server
On Saturday 26 June 2004 03:07 am, Joshua Lewis wrote: > I have located what I feel is a very complete document on Building a > Stable Secure FreeBSD Mail server (That happens to be the name of the Doc > too. Go figure) > Perhaps you might like to share the location of this document with the list? -- Best regards, Chris -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Building a Stable Secure FreeBSD Mail server
"Joshua Lewis" <[EMAIL PROTECTED]> wrote: > I have located what I feel is a very complete document on Building a > Stable Secure FreeBSD Mail server (That happens to be the name of the Doc > too. Go figure) > > I am not sure what the age of this document is. In the document it reads: > > "I like to change the default algorithm used when encrypting a user's > password to the blowfish algorithm, as it provides the highest security at > the greatest speed. > > Is this an accurate statement? My current passwd_format is set to md5 and > I thought md5 was like "Da Bomb"(Ok white guy trying to be funny here). > > I am still pretty new, so I don't know the difference between these > different algorithms. Any thoughts, comments, personal preferences (along > with an understandable explanation would be nice) are appreciated. As far as I know, Blowfish is the best encryption algorithm for this purpose at this time, which (to my knowledge) is why OpenBSD uses it by default. I don't believe it's the fastest, however, but I could be wrong there. -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Building a Stable Secure FreeBSD Mail server
I have located what I feel is a very complete document on Building a Stable Secure FreeBSD Mail server (That happens to be the name of the Doc too. Go figure) I am not sure what the age of this document is. In the document it reads: "I like to change the default algorithm used when encrypting a user's password to the blowfish algorithm, as it provides the highest security at the greatest speed. Is this an accurate statement? My current passwd_format is set to md5 and I thought md5 was like "Da Bomb"(Ok white guy trying to be funny here). I am still pretty new, so I don't know the difference between these different algorithms. Any thoughts, comments, personal preferences (along with an understandable explanation would be nice) are appreciated. Thank you, Joshua Lewis ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
