Look,

Most of my clients are popping/imapping clear text. A few smart ones are using 
ssl. It would be nice to force everyone to use ssl. But in reality it will 
cost me half my clients. What I mean is sniffing is easy. If my system gets 
hacked and rooted (and they cannot do that with sniffing of course) they can 
already abuse all accounts on the system so no EXTRA harm done. If the customer 
is stupid enough to use the same login on all other accounts they have it 
is their problem. I warn them not to do that. If they choose to do so it is 
not my problem. It definitely outweighs the profits of being able to supply a 
customer with their passwords or login with their credentials to prove the 
problem is not at my side.

Regards

Hans de Groot

 
 
 
On Wednesday, July 11, 2012 21:58 CEST, Daniel Colchete 
<daniel.colch...@mav.com.br> wrote: 
 
> I would like to point out that MD5 passwords, SHA1 passwords and the like 
> are not safe because they don't have a SALT on them. Should a hacker get 
> access to your password list, it would be easy to guess most of your 
> passwords (google some of the MD5s or SHA1s you have). crypt with $1 is 
> MD5 with SALT, crypt $2 is SHA1 with SALT. Only crypt hashes with at 
> least $2 are considered safe nowadays.
> 
> Best,
> Daniel
> 
> On 07/11/2012 12:07 PM, Yellow Deli wrote:
> > I am having the same issue. I have a combination of PLAIN passwords, 
> > as well as crypt, and MD5. I cannot get it to authenticate against any 
> > of them.
> >
> > ben
> >
> > On 7/11/12 7:36 AM, Kamil wrote:
> >> hansg@...<hansg@...>  writes:
> >>>     > That is because now you have a "crypt" password instead of an
> >>>     > "MD5" one.
> >>>     > So you have to change the above setting and reboot sogod.
> >>>     But if I change it to
> >>>     <key>userPasswordAlgorithm</key>
> >>>              <string>md5</string>
> >>>     I cannot login using the dovecot / etc passwd style password.
> >>>     It does not recognize the md5 password.
> >>>     So are there any other options to get this working? I still find it
> >>>     weird that it can read but not write the long style md5 password.
> >>
> >>
> >> Any success? I have the same problem and am looking for a solution.
> >>
> >> I think I'll have to change users' passwords to MD5 only everywhere
> >>
> 
> 
> -- 
> users@sogo.nu
> https://inverse.ca/sogo/lists
 
 
-- 
users@sogo.nu
https://inverse.ca/sogo/lists
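
An added example, not part of the thread and not SOGo code: a small audit of a mixed password store like the one described in the quoted messages (plain, bare MD5/SHA1 digests, crypt strings), showing which entries carry a salt and which accounts share an identical unsalted hash. The function names and the sample rows are hypothetical and constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

# crypt(3) prefixes; every one of these formats embeds a per-password salt.
CRYPT_PREFIXES = {
    "$1$": "md5-crypt",
    "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
    "$5$": "sha256-crypt",
    "$6$": "sha512-crypt",
}
HEX_DIGESTS = {32: "md5", 40: "sha1"}  # bare hex digest length -> unsalted algorithm


def classify(stored):
    """Return (scheme, salted) for one stored password value."""
    for prefix, name in CRYPT_PREFIXES.items():
        if stored.startswith(prefix):
            return name, True
    if re.fullmatch(r"[0-9a-fA-F]+", stored) and len(stored) in HEX_DIGESTS:
        return HEX_DIGESTS[len(stored)], False
    return "plain-or-unknown", False


def audit(rows):
    """Map each unsalted hash used by more than one account to its users."""
    shared = defaultdict(list)
    for user, stored in rows:
        scheme, salted = classify(stored)
        if scheme in ("md5", "sha1") and not salted:
            shared[stored.lower()].append(user)
    return {h: users for h, users in shared.items() if len(users) > 1}


# Constructed sample rows (assumption: user/hash pairs exported from the store).
SAMPLE = [
    ("alice", hashlib.md5(b"summer2012").hexdigest()),
    ("bob", hashlib.md5(b"summer2012").hexdigest()),
    ("carol", hashlib.sha1(b"another-pass").hexdigest()),
    ("dave", "$1$Zx8kQ2pL$constructedplaceholder"),
    ("erin", "$6$saltsalt$constructedplaceholder"),
    ("frank", "letmein"),
]

if __name__ == "__main__":
    for user, stored in SAMPLE:
        print(user, *classify(stored))
    print("shared unsalted hashes:", audit(SAMPLE))
```

Identical unsalted digests mean identical passwords, which is why such values can be looked up; salted crypt strings for the same password differ per account.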
