[Dovecot] CRAM-MD5 Password Generation Algorithm

Patrick Ben Koetter p at state-of-mind.de
Sat Apr 12 08:52:01 EEST 2008

* Douglas Willcocks <dovecot at dovecot.org>:
> Hi,
> I'm just in the middle of setting up dovecot to serve IMAPS -- Actually
> I've finished apart from one thing: CRAM-MD5 passwords.

CRAM-MD5 is a shared secret mechanism to prove authenticity without
transmitting the password in plaintext. Both parties - server and client -
proove that they share a secret.

CRAM-MD5 passwords are passwords saved in plaintext format on the client and
(!) on the server. Here's why:

1. The server sends a challenge (a random string)
2. The client uses the challenge to encrpyt the user password and creates a
   encrypted string
3. The client uses the username and the encrypted string, base64 encodes both
   to one string (response) and sends that to the server
4. The server base64 decodes the response to get the username
5. The server uses to username to lookup the corresponding password.
6. The server uses the password to decrypt the encrypted client string.
7. The server compares the decryption result with the challenge it sent. If
   they match, server and client share the same secret - the password.

As you can see, the password must be available in plaintext to decrypt the
encrypted client string. Databases like /etc/shadow that store passwords
encrypted cannot do this. All they can do is answer questions like this: "I do
have password 'foo'. If you encrypt that, will it match the value you have
stored as password in the database?" Shared secret mechanisms, such as
CRAM-MD5, DIGEST-MD5 and NTLM, cannot do with that. They need the password
string in unencrypted plaintext.

> I'm using SQL as a backend for the password storage, and I don't want to
> store the passwords in plaintext. I've also configured dovecot to be rather
> restrictive when it comes to authentication methods (only CRAM-MD5 is
> allowed).

Then you have to store passwords in plaintext.

> To generate the passwords to go into the database I can use the dovecotpw
> utility, but I'm wanting to stick some sort of minimal admin interface on
> the server to be able to manage the users etc without having to use the
> CLI.

Use pwgen.

> I've looked at the theoretical explanation of the hashing algorithm, and
> I've read through the source code that dovecotpw uses to generate the
> passwords with the intent of creating a higher level language library
> (Perl, Ruby, PHP ... whatever)) to generate passwords, but I don't seem to
> be able to replicate the functionality, and there don't seem to be any
> existing libraries that generate consistent results (that I've found).
> I don't have that much experience with C, and so I'm sure that I must have
> misunderstood how dovecotpw does its stuff. Perhaps someone could explain
> how the algorithm works? Or point me in the right direction?


p at rick

state of mind
Agentur für Kommunikation, Design und Softwareentwicklung

Patrick Koetter            Tel: 089 45227227
Echinger Strasse 3         Fax: 089 45227226
85386 Eching               Web: http://www.state-of-mind.de

Amtsgericht München        Partnerschaftsregister PR 563

More information about the dovecot mailing list