Plain Text Passwords

  • Hi,


    Now the Emailpasswords (maybe other too) are saved in plain text.


    Is it planed to change this to some sort of encrypt ?


    The problem is if your server get hacked it makes a big difference if the get only the md5 hashes or the plain text passwords.
    Think > 50% of all End User uses the same Email/Password combo in Ebay/Amazon/whatever too.


    The only Reason for plain text password that i know it to get CRAM MD5 working at pop3/imap4 login.
    But CRAM isnt used anymore from all big providerer (gmail/gmx) because of this plain text problem.
    If the user want encrypt his pop3/imap4 connection than he should use ssl thats real safe.


    Think changing to md5() password hashed would very easy.
    Maybe as option (Real Password/md5 Passwords) at install time.


    Nethan

  • thx for the link


    Sure the encrypt from old ispcp is the same than no encrypt at all. if anyone get access to database he has access to the decrypt too.


    i thought with encrypt on md5 or sha1 thats one way encryption. theres no way back even with root access.


    The can only brute force every md5 hash and thats not impossible with the new Nvidia CUDA but very much afford.


    To get access to the imscp database no root access is needed a bug in roundcube or imscp or squirellmail or phpmyadmin or filemanager is enougth to get the imscp database login.


    if the got a copy of the database with md5 hashes the have near nothing.
    if the got a copy of the database with plain text passwords the got everything.


    i know im a little paranoid :)


    mfg
    Nethan

  • that would be possible if following become true:
    1. We drop autologin for ftp and mysql.
    2. We drop courier. (need plain password).

  • Nethan is right having passwords in plain text is not best idea since gui can (because of bugs in our code /third party code) disclose information (including those email password). But for courier we use sasl auth method and this do require plain text password usage.
    I do have 2 ideas how we can fixed:
    1. gui need full access to mysql code because of database /sql user creation. We move this to engine then limit access to only needed field (in particular for email update / insert / delete but not select).
    2. I already rewrite engine so i try find a different method for courier auth mechanism

  • Even with what daniel mentions. For FTP and PhpMyAdmin auto-logins we need the passwords at the gui level to push to the webmail/sql client. Because the webmail/sql client cannot connect with a hash, it needs a full password to do so.

    Edited once, last by kassah ().