[Dovecot] RFE: MD5 encryption with for plain text passwords

David S. Madole david at madole.net
Fri Jul 23 15:21:45 EEST 2004 

> From: "Felix Schwarz" <Felix.Schwarz at web.de>
>
> After reading some documentation I think that I'll have to store the
> passwords as plain text in the authdb. That is something I dislike
> very much as it is a (imho) good tradition for unix to store only
> encrypted passwords for security reasons.
>
> I would like to see the possibility in dovecot to store the passwords
> for plain text authentication md5 encrypted. That should be easy to
> implement (just one md5 encryption before comparing the given password
> with the stored one) and could improve security.

I understand the reasoning for this desire, but you might want to
reconsider. In the long term, it could actually result in less security.

The problem is that many secure authentication methods, especially any that
are challenge-response based, can only work if the server has access to the
plain-text of the password. So if you start down the road of hashed
passwords now to support plain text authentication, it will be impractical
for you to implement additional forms of authentication later. Not just for
IMAP, but also if you reuse your password store for additional services like
SMTP authentication.

With the relative ease these days of brute-forcing MD5 sums, you might just
be fooling yourself with this approach and it might be more worth focusing
efforts on making sure your password store is secure. The main reason that
Unix systems traditionally store hashed passwords it's because the password
file was traditionally world-readable. With improvements in computational
power, it was realized that the security of hashes is not really good enough
and so Unix systems have gone to shadowing the passwords in a file that is
not world-readable. That's most of what really makes the passwords secure
now, not the hash.

As a compromise, you might consider using a reversable encryption algorithm
rather than a hash. That way someone would need to compromise both the
database and your configuration file that contains the key to get a
password. If you use a database like MySQL as your password store you can do
this transparently to the application by doing the decryption using SQL
functions. Take a look at some of the user comments at:
http://dev.mysql.com/doc/mysql/en/Encryption_functions.html

Just a few things to think about.

David

More information about the dovecot mailing list