Re: Building a Stable Secure FreeBSD Mail server
Joshua Lewis [EMAIL PROTECTED] wrote: I have located what I feel is a very complete document on Building a Stable Secure FreeBSD Mail server (That happens to be the name of the Doc too. Go figure) I am not sure what the age of this document is. In the document it reads: I like to change the default algorithm used when encrypting a user's password to the blowfish algorithm, as it provides the highest security at the greatest speed. Is this an accurate statement? My current passwd_format is set to md5 and I thought md5 was like Da Bomb(Ok white guy trying to be funny here). I am still pretty new, so I don't know the difference between these different algorithms. Any thoughts, comments, personal preferences (along with an understandable explanation would be nice) are appreciated. As far as I know, Blowfish is the best encryption algorithm for this purpose at this time, which (to my knowledge) is why OpenBSD uses it by default. I don't believe it's the fastest, however, but I could be wrong there. -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Building a Stable Secure FreeBSD Mail server
On Saturday 26 June 2004 03:07 am, Joshua Lewis wrote: I have located what I feel is a very complete document on Building a Stable Secure FreeBSD Mail server (That happens to be the name of the Doc too. Go figure) Perhaps you might like to share the location of this document with the list? -- Best regards, Chris -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Building a Stable Secure FreeBSD Mail server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A little googling turned up: http://gene.wins.uva.nl/~jmsteggi/Creating_a_Stable_Secure_FreeBSD_Mailserver.pdf joey On June 26, 2004 11:35, Chris wrote: On Saturday 26 June 2004 03:07 am, Joshua Lewis wrote: I have located what I feel is a very complete document on Building a Stable Secure FreeBSD Mail server (That happens to be the name of the Doc too. Go figure) Perhaps you might like to share the location of this document with the list? -- Best regards, Chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFA3YuD0NQPEWppBZsRAk2QAJ9khqzA7cIGYzdNaB42bz05BB239gCeLBzI rFj+cPdeCcX4ubxODy6lS1Y= =Z+gM -END PGP SIGNATURE- ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Building a Stable Secure FreeBSD Mail server
On Saturday 26 June 2004 09:43 am, Joey Mingrone wrote: A little googling turned up: http://gene.wins.uva.nl/~jmsteggi/Creating_a_Stable_Secure_FreeBSD_Mailserv er.pdf Ahh yes - this IS a good doc. I have had it for a few months. I was hoping that it might have been an updated version. None the less, it's one doc that I keep in my Keep directory. -- Best regards, Chris -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Building a Stable Secure FreeBSD Mail server
Chris [EMAIL PROTECTED] wrote: On Saturday 26 June 2004 09:43 am, Joey Mingrone wrote: A little googling turned up: http://gene.wins.uva.nl/~jmsteggi/Creating_a_Stable_Secure_FreeBSD_Mailserv er.pdf Ahh yes - this IS a good doc. I have had it for a few months. I was hoping that it might have been an updated version. None the less, it's one doc that I keep in my Keep directory. Like many documents, it's both good and bad. The author gives an excellent (and complete) description of setuid/gid, permissions, and flags ... but then he goes on to arbitrarily announce that you should increase both send and receive TCP buffers to 64k, with no explanation. Jacking these values up is not always a good idea, and I doubt if it's a good idea with a mail server. -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Building a Stable Secure FreeBSD Mail server
On Sat, 26 Jun 2004 02:07:13 -0600, Joshua Lewis [EMAIL PROTECTED] wrote: ... I like to change the default algorithm used when encrypting a user's password to the blowfish algorithm, as it provides the highest security at the greatest speed. Is this an accurate statement? My current passwd_format is set to md5 and I thought md5 was like Da Bomb(Ok white guy trying to be funny here). ... Well, I'm no expert, but I stumbled across something interesting the other day after installing /usr/ports/security/john. It's a password cracker with a benchmarking component: procyon# john --test Benchmarking: Traditional DES [64/64 BS MMX]... DONE Many salts: 301915 c/s real, 302860 c/s virtual Only one salt: 258079 c/s real, 258483 c/s virtual Benchmarking: BSDI DES (x725) [64/64 BS MMX]... DONE Many salts: 10083 c/s real, 10099 c/s virtual Only one salt: 9830 c/s real, 9923 c/s virtual Benchmarking: FreeBSD MD5 [32/32]... DONE Raw:2375 c/s real, 2382 c/s virtual Benchmarking: OpenBSD Blowfish (x32) [32/32]... DONE Raw:139 c/s real, 140 c/s virtual Benchmarking: Kerberos AFS DES [48/64 4K MMX]... DONE Short: 59810 c/s real, 59997 c/s virtual Long: 200442 c/s real, 201069 c/s virtual Benchmarking: NT LM DES [64/64 BS MMX]... DONE Raw:1849998 c/s real, 1852889 c/s virtual Obviously, the security of an encryption algorithm is a many-splendoured thing, etc., but the above results seem to indicate that brute-forcing Blowfish is many times more computationally intensive (i.e. 'harder') than brute-forcing MD5. That's if I'm reading it right; I'm assuming c/s = combinations per second. There's no man page and the internet frightens and confuses me. I really doubt Blowfish is =faster= than MD5 when encrypting. -- Danny MacMillan ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Building a Stable Secure FreeBSD Mail server
The MTA is PostFix http://bsdhound.com/downloads/Creating_a_Stable_Secure_FreeBSD_Mailserver.pdf Document date is 10/17/2003 So it is not to old. So far it is pretty accurate. Thank you, Joshua Lewis dave Hi, What mail server was this doc dealing with and can you give me the address? Some clues as to the age is what version of fbsd was being discussed, currently 4.10 is production stable while 5.2.1 is new technology, even though i use that on my production systems. Not sure as to the difference between md5 and blf password hashing, i do know that they both are methods of encrypting a password and supposedly blf is more secure but it also doesn't have compatibility with anything else. HTH. Dave. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]