[Dovecot] Weird Authentication behaviour

Jiri Bourek bourek at thinline.cz
Mon Mar 24 15:05:32 UTC 2014 

Reindl Harald wrote:
>
> Am 24.03.2014 12:47, schrieb Gedalya:
>> On 03/24/2014 07:34 AM, Jürgen Ladstätter wrote:
>>> we use dovecot 2.0.9 and authentication against a mysql database. Everything
>>> works fine, but we found some weird behavior – when the password is e.g.
>>> “testpass” you also authenticate successfully with “testpass123” or
>>> “testpassNOT”. Whatever comes after the correct password doesn’t matter, the
>>> authentication is still successful.
>> ..
>>> default_pass_scheme = CRYPT
>>>
>> http://wiki2.dovecot.org/Authentication/PasswordSchemes --
>>
>> CRYPT: Traditional DES-crypted password in /etc/passwd (e.g. "pass" = vpvKh.SaNbR6s)
>>
>> Dovecot uses libc's crypt() function, which means that CRYPT is usually able to recognize MD5-CRYPT and possibly
>> also other password schemes. See all of the *-CRYPT schemes at the top of this page.
>>>>>>>>>
>> *The traditional DES-crypt scheme only uses the first 8 characters of the password, the rest are ignored.* Other
>> schemes may have other password length limitations (if they limit the password length at all)
>
> my passwords have 19 chars and my linux login does not accept only
> the first 8 ones, that's the state for many years now

Because libc's crypt() was extended to support other encryption 
algorithms and your distribution chose to use them. (in Debian see for 
example /etc/login.defs, variable ENCRYPT_METHOD)

That doesn't change the fact you can still use crypt() with DES 
encryption. For example, htpasswd still does that by default (or at 
least was doing that few months ago), you can recofigure your Linux 
login to do it as well and obviously you can configure Dovecot the same way.

>
> frankly 8 chars is laughable, i recently wrote a PHP library to
> generate secure random passwords and for 100000 passwords get
> 13 collisions is way to much given that that means you have
> a collision every 8000 tries which means not you need 8000
> in a real world attack
>
> GENERATED:  100000
> COLLISIONS: 13
>

Yes, AFAIK DES encryption is obsolete for very long time and if you know 
hash, it's quite easy to generate a secret which will match the hash (so 
security-wise database with DES encrypted passwords is pretty much no 
better than database with plaintext passwords)

For the author of top post: Dovecot does what you told it to do. If you 
want to change this, it'll be a bit of a problem.

If you by any chance have plaintext passwords for your accounts (and you 
shouldn't have them), you can pass them to

doveadm pw -s SHA512-CRYPT -p plaintext

and store what comes out to your DB.

If you don't have them, there's a way using postlogin script - 
http://wiki2.dovecot.org/PostLoginScripting , see 
http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes

This method will however convert scheme for _first_ password that allows 
someone to login. So you can expect complaints from your users who use 
their account from two devices with different passwords (with difference 
after 8th character.) They will login from one device, password scheme 
changes and the other device will be locked out.

More information about the dovecot mailing list