Encrypted passwords for Mail and Mysql
SniperSister Offline
Junior Member
*

Posts: 22
Joined: Feb 2007
Reputation: 0
Post: #1
Encrypted passwords for Mail and Mysql
Hey guys,

First of all: Thank you for your great work! I'm currently testing Omega on my new server and I'm very happy with it. Currently stats aren't working, but I hope this will be fixed in the upcoming stable release.
Btw: If you need help - I would be happy to help you.

There's only one thing which shocked me a bit:
Why are the MySQL and Mail passwords stored as plaintext in the database? At least Courier should support md5-encrypted passwords and I don't understand why the MySQL passwords have to be saved as plaintext.

Maybe I'm under a misapprehension 'cause I don't have a complete overview of the code, but I think it should be much more secure when the passwords aren't saved in plaintext.

Best regards
David
03-05-2007 04:12 AM
RatS Offline
Project Leader
******

Posts: 1,854
Joined: Oct 2006
Reputation: 17
Post: #2
RE: Encrypted passwords for Mail and Mysql
The passwords aren't encrypted, that's right. But Postfix isn't working with encrypted passwords (as far as I know). MD5 is NO encryption (only a hash function) and it's NOT secure. You can create a collision!

In later releases we will boost the level of security; however there is no lack, if the admin has selected a SECURE password for MySQL control!
03-05-2007 09:15 AM
SniperSister Offline
Junior Member
*

Posts: 22
Joined: Feb 2007
Reputation: 0
Post: #3
RE: Encrypted passwords for Mail and Mysql
I just converted my plaintext password into an md5 hash and Postfix is working quite well... so at least Postfix should work without any problems.

The question "Why encrypt those passwords?" is very easy to answer: Most people are using the same password for their bank account, their eBay account, their mail account etc...
So when somebody gets access to the database, he can read out all customers' passwords - and with a bit of luck - he gets access to their bank or mail accounts.

The advantage of md5 is that you can't reconvert it into a plaintext password - it's more or less worthless for a hacker. You can use it to authenticate your customers by comparing the md5 hash of the entered password with the md5 hash stored in the database.
03-05-2007 04:19 PM
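The hash-and-compare check described in post #3, as an added example that is not from the thread or the project: it stores an unsalted MD5 digest beside a salted PBKDF2-HMAC-SHA256 record and shows that two accounts with the same password share one MD5 digest but get different salted records. The function names, record format, iteration count and sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example

def md5_record(password: str) -> str:
    """Unsalted MD5 hex digest, the scheme discussed in the thread."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def md5_verify(password: str, stored: str) -> bool:
    """Hash the entered password and compare it with the stored digest."""
    return hmac.compare_digest(md5_record(password).encode(), stored.encode())

def pbkdf2_record(password: str) -> str:
    """Salted record 'iterations$salt_hex$hash_hex' with a fresh random salt."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"{PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"

def pbkdf2_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iterations; compare in constant time."""
    try:
        iterations, salt_hex, hash_hex = stored.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(dk, bytes.fromhex(hash_hex))
    except (ValueError, OverflowError):
        return False  # malformed record: reject instead of raising

def accounts_sharing_a_record(records: dict) -> list:
    """Groups of accounts whose stored value is identical, i.e. whose
    password reuse is visible to anyone who can read the table."""
    groups = defaultdict(list)
    for account, stored in records.items():
        groups[stored].append(account)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    # Constructed sample accounts; two of them use the same password.
    users = {"alice@example.test": "tr0ub4dor", "bob@example.test": "tr0ub4dor",
             "carol@example.test": "another-one"}
    md5_table = {u: md5_record(p) for u, p in users.items()}
    kdf_table = {u: pbkdf2_record(p) for u, p in users.items()}
    print("shared MD5 digests:", accounts_sharing_a_record(md5_table))
    print("shared salted records:", accounts_sharing_a_record(kdf_table))
    print("login ok:", pbkdf2_verify("tr0ub4dor", kdf_table["alice@example.test"]))
```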
kilburn Offline
Development Team
*****
Dev Team

Posts: 2,182
Joined: Feb 2007
Reputation: 34
Post: #4
RE: Encrypted passwords for Mail and Mysql
IMHO it would be a good thing, because even if collisions can be created (not a trivial work!) the attacker will never really know the password. In fact, tinkering with MD5 collisions to access a user's data would be something stupid if you can access vhcs's database and just create/modify accounts!
03-05-2007 05:12 PM
RatS Offline
Project Leader
******

Posts: 1,854
Joined: Oct 2006
Reputation: 17
Post: #5
RE: Encrypted passwords for Mail and Mysql
I'll see what to do! Thanks for the reply.
03-05-2007 06:40 PM
BioALIEN Offline
Public Relations Officer
*****
Dev Team

Posts: 620
Joined: Feb 2007
Reputation: 5
Post: #6
RE: Encrypted passwords for Mail and Mysql
+1 to the points raised in this topic. Never use plain passwords - I'm sure security and privacy issues come into question. RatS, I hope you can engineer a solution :)
03-05-2007 09:44 PM
tcs Offline
Junior Member
*

Posts: 10
Joined: Feb 2007
Reputation: 0
Post: #7
RE: Encrypted passwords for Mail and Mysql
You have to use Cyrus-SASL iirc. What I had to do was to configure servers to use that socket, I'll check that later when I'm at home and post my configuration.

Cheers

tcs
03-05-2007 11:53 PM
Kermit Offline
Junior Member
*

Posts: 75
Joined: Jan 2007
Reputation: 0
Post: #8
RE: Encrypted passwords for Mail and Mysql
This is not a trivial topic, in fact. In any case, let me raise a hand for Ephigenie and RatS. There are a lot of very strange issues in some old releases of Postfix/Cyrus-SASL and PAM (often parts of the virtual-mail system) that prevent admins from using encrypted or hashed passwords.

I had the same problem on SuSE < 10.0: I built a self-configured virtual accounting system for my mail customers and there has been NO WAY to let Postfix/SASL read the passwords stored in other than plain-text. :(

Sad but true...

In any case, if MD5 works this could be a good boost to security and even privacy.
Thanks a lot!!!
03-06-2007 12:11 AM
ephigenie Offline
Project Leader
*******
Administrators

Posts: 1,578
Joined: Oct 2006
Reputation: 15
Post: #9
RE: Encrypted passwords for Mail and Mysql
Yeah, we're aware of that.

And let me assure you that we will think about how to change it.
But for now we have to make the "basic" things work ;)

The mail system has to be completely rewritten - I know that Courier can handle crypted passwords, well - I just have to take a look at Postfix.
03-06-2007 01:43 AM
SniperSister Offline
Junior Member
*

Posts: 22
Joined: Feb 2007
Reputation: 0
Post: #10
RE: Encrypted passwords for Mail and Mysql
ephigenie Wrote: And let me assure you that we will think about how to change it.
But for now we have to make the "basic" things work ;)

No problem, I just wanted to draw your attention to this lack of privacy and security. If you need any help with making the basic stuff work, feel free to ask ;)

Best regards
David
03-06-2007 02:09 AM