Feature request SCRAM-SHA-256
Stephan Bosch
stephan at rename-it.nl
Sun Jan 20 13:45:38 EET 2019
Op 07/01/2019 om 20:31 schreef Stephan Bosch:
>
> Op 16/12/2018 om 10:06 schreef Tributh via dovecot:
>>
>> Am 16.12.18 um 09:42 schrieb Aki Tuomi:
>>>> On 16 December 2018 at 10:27 Tributh via dovecot
>>>> <dovecot at dovecot.org> wrote:
>>>>
>>>>
>>>> Hi,
>>>> is that here the right place to make feature requests?
>>>>
>>>> dovecot supports as authentication mechanism
>>>> SCRAM-SHA-1 from RFC 5802
>>>> which was updated to
>>>> SCRAM-SHA-256 in RFC 7677
>>>>
>>>> Can SCRAM-SHA-256 be added to the authentication mechanisms?
>>>>
>>>> I would not like to request, that SCRAM-SHA-1 will be exchanged by
>>>> SCRAM-SHA-256, since several applications only support SCRAM-SHA-1
>>>>
>>>> Regards
>>>>
>>>> Torsten
>>> Hi!
>>>
>>> Adding this is possible, it can even be done as a separate plugin.
>>> But I have to ask, why? Do you actually have clients that support this?
>>>
>>> Aki
>>>
>> Hi Aki,
>> let me first answer the second question.
>> Sadly I have no client which supports it, yet.
>> Here we have a chicken or the egg causality dilemma.
>> There was some communication with mail-client developers which stated
>> that they would start developing it, when they have a publicly usable
>> server to test against.
>> Now I hope that the most common IMAP server could be the one, which
>> gives this possibility.
>> Sadly, most communication is not publicly available.
>>
>> In the past CRAM-MD5 was very popular. When the insecurity came out,
>> everything just shifted to TLS, but that prevented not from sending a
>> plain password now. If a malicious actor is able to change DNS/TLS
>> endpoints, he will receive the plain passwords immediately.
>> I am not the expert in explaining how such an actor could do this. I
>> just wanted to have possibilities for everybody to prevent this possible
>> exposure of a plain password, which could than easily used abusively.
>>
>> I just hope for better security in the future.
>
>
> I looked a this a bit and since it is basically only a matter of
> replacing the hash algorithm, I created a quick implementation (after
> some refactoring):
> https://github.com/stephanbosch/dovecot-core/commits/auth-scram-sha-256
>
> However, since there is no client that actually supports this, I
> cannot test this myself. I've briefly tested that the old SHA-1 still
> works (using mpop) and that the server properly announces the new
> mechanism when enabled, but that is it. It is based on the master
> branch. Configuration is identical to SCRAM-SHA-1, apart from the
> mechanism (and password scheme) name of course.
>
> Don't expect this to be released or even merged to the master branch
> any time soon: this is likely currently very low on our priority list.
> But, at least you can run your own server with SCRAM-SHA-256 support
> (and so can client developers). Maybe if this gets endorsed and
> supported by clients and gets some testing in the field, we can speed
> it along a bit, but that is not something I can promise.
>
> So, I hatched a chick for you. I hope you can make it lay a few eggs
> in the future...
Tracked internally as DOP-840.
Regards,
Stephan.
More information about the dovecot
mailing list