Re: Headsup on feature removal - password
Password schemes: HMAC-MD5, RPA, SKEY, PLAIN-MD4, LANMAN, NTLM, SMD5
The web is flooded with plain text passwords and hashed passwords harvested from hacked servers.
Dovecot stores passwords with the same scheme used for client authentication.
Therefore, we use crammd5/hmac-md5. It does not look like much, but is better than plaintext.
As md5 is about to go, and I have no intention to store passwords in plaintext, I need to split the scheme used to store passwords from the scheme used for authentication, and migrate storage from md5 to bcrypt.
Since this is not possible, I think I will drop passwords entirely and use certificates.
Hello Rupert,
Note the following - using X.509 certificates is an excellent idea for preventing password guessing, but you need to realize one very important thing before switching to X.509 certificate authentication. In TLSv<=1.2 the TLS handshake leaks the client X.509 certificate. Simply start capturing the traffic with tcpdump (increase the verbosity), then initiate a new TLS session from the IMAP client, and you will see the X.500 subject of your client's certificate captured. Yes, the certificate itself is not a piece of critical information that someone can use to guess the client's RSA or EC private key, but nevertheless everyone eavesdropping the traffic will know your clients identity and may count their activity, especially if the certificate subject contains e-mail address (you can hardly avoid that if the IMAP server hosts virtual e-mail domains).
One possible way to deal with that leak is to initiate the TLS session between the client and the server without prompting for a client's certificate, and only after the session gets established to re-negotiate that same session, but this time by requesting the client's X.509 certificate. Then the client's certificate cannot leak (it is exchanging inside the already established TLS tunnel). While it is possible to implement the re-negotiation for web-applications, I haven't seen so far anything similar implemented for IMAP+TLS or SMTP+TLS servers. I am not aware how does TLSv1.3 deals with that matter. I have seen some discussions, like this one:
https://bugs.chromium.org/p/chromium/issues/detail?id=911653
but they are not focused on IMAP.
I know it might sound really strange that tunneling the used name and password keeps the privacy of the users better that X.509 certificate, but we need to face the reality.
Anyway, if you and your clients can live with such а leak, you can implement X.509 certificate authentication.
Best,
Veselin
On 3/17/20 3:06 PM, Rupert Gallagher wrote:
Password schemes: HMAC-MD5, RPA, SKEY, PLAIN-MD4, LANMAN, NTLM, SMD5
The web is flooded with plain text passwords and hashed passwords harvested from hacked servers.
Dovecot stores passwords with the same scheme used for client authentication.
Therefore, we use crammd5/hmac-md5. It does not look like much, but is better than plaintext.
As md5 is about to go, and I have no intention to store passwords in plaintext, I need to split the scheme used to store passwords from the scheme used for authentication, and migrate storage from md5 to bcrypt.
Since this is not possible, I think I will drop passwords entirely and use certificates.
Was there any reason for this message to be HTML-only?
On Wed, Mar 18, 2020 at 07:13:12AM +0200, Aki Tuomi wrote:
<html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 18/03/2020 00:06 Rupert Gallagher <ruga@protonmail.com> wrote: </div> <div> <br> </div> <div> <br> </div> <br>> Password schemes: HMAC-MD5, RPA, SKEY, PLAIN-MD4, LANMAN, NTLM, SMD5 <br> <br>The web is flooded with plain text passwords and hashed passwords harvested from hacked servers. <br> <br>Dovecot stores passwords with the same scheme used for client authentication. <br> <br>Therefore, we use crammd5/hmac-md5. It does not look like much, but is better than plaintext. <br> <br>As md5 is about to go, and I have no intention to store passwords in plaintext, I need to split the scheme used to store passwords from the scheme used for authentication, and migrate storage from md5 to bcrypt. <br> <br>Since this is not possible, I think I will drop passwords entirely and use certificates. <br> <br> </blockquote> <div> <br> </div> <div> We are not removing CRAM-MD5/DIGEST-MD5/S-CRAM-SHA-1 or S-CRAM-SHA-256. Also just plain MD5 is still staying. </div> <div class="io-ox-signature"> <pre>--- Aki Tuomi</pre> </div> </body> </html>
On Wed, Mar 18, 2020 at 10:38:37AM -0400, Jerry wrote:
On Wed, 18 Mar 2020 09:51:51 -0400, Hendrik Boom stated:
Was there any reason for this message to be HTML-only?
Was there any reason to 'top post' and include the HTML text?
Yes.
(1) To indicate that my question was about the whole message and not its contents. I normally don't top-post. (2) To make it clear just what I was commenting about.
-- hendrik
-- Jerry
On 18/03/2020 17:31 Hendrik Boom hendrik@topoi.pooq.com wrote:
On Wed, Mar 18, 2020 at 10:38:37AM -0400, Jerry wrote:
On Wed, 18 Mar 2020 09:51:51 -0400, Hendrik Boom stated:
Was there any reason for this message to be HTML-only?
Was there any reason to 'top post' and include the HTML text?
Yes.
(1) To indicate that my question was about the whole message and not its contents. I normally don't top-post. (2) To make it clear just what I was commenting about.
-- hendrik
-- Jerry
One of the various mail clients I use sends HTML only mails in some situations.
Aki
On Wed, 18 Mar 2020 17:37:31 +0200 (EET) Aki Tuomi aki.tuomi@open-xchange.com wrote:
One of the various mail clients I use sends HTML only mails in some situations.
So you're taking your problem and making it our problem?
SteveT
Steve Litt March 2020 featured book: Troubleshooting: Why Bother? http://www.troubleshooters.com/twb
participants (6)
-
Aki Tuomi
-
Hendrik Boom
-
Jerry
-
Rupert Gallagher
-
Steve Litt
-
Vesselin Kolev