Convert email passwords to crypt

  • We discussed previously about the storage of the passwords in plain text in the database here and here
    Since haveing plain passwords is unacceptable, I created a little script to convert them to the default crypt provided by php, the idea is to run this script periodically in a crontab.
    Since the script caused some controversy I just removed the attachment, still if anyone is interested into having it, I can provide it by PM.
    BTW, the script only prefixes {CRYPT} to the calculated hashes so there aren't needed any modifications to run it.

    Edited once, last by aseques ().


  • We discussed previously about the storage of the passwords in plain text in the database here
    To me, plain passwords are unacceptable, so I created a little script to convert them to the default crypt provided by php, my idea would be to run this script periodically in cron.
    The script is attached, feel free to test it since it's an early version
    NOTE: This doesn't require any modification in dovecot because it already supports those types of passwords.


    Hello ;


    Do you know that by sharing such a script, you are making my life a hell? I've planned to crypt all passwords in 1.2.0 version but if several users start to use your script, this will be a hell for me to provide an update path (eg, encrypt already encrypted password and so on...) If I must take consideration of users that used your script, I'll have to make some assumptions to know if a password is already encrypted or not...



    So then:


    I WARN any user that use this script that no update path will be provided in 1.2.0 when all passwords will be encrypted.


    Thank you for using i-MSCP

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    Edited once, last by Nuxwin ().


  • Well, this is just an starting point, please reread the post I made, this is only the starting point for encryption, on the last discussion we had about this you weren't interested on having crypted passwords at all which I disagreed, and said that it was enough. Some time has passed and I decided to start with some stuff directly, but still we can talk about the best implementation.
    Can we agree to a encryption method? I you already had something in mind I can try to figure how to use it within dovecot so there aren't issues when upgrading.
    The points that made me decide for this solution are the following :

    • The hashes are portable from system to system
    • The passwords are not reversible so safer
    • The algorithm is the standard for linux (the one used for /etc/shadow) and will always be supported
    • As crypt enhances its algorithms, we will benefit from it directly in squezze the default is MD5-CRYPT, in wheezy SHA256, and so on..
    • Identifying them is just a matter of looking for the {CRYPT} at the begin of the hash.


    In a future if we default to crypt() passwords, the {CRYPT} string could be removed and use always crypted hashes (which would involve changing imscp code) by using in dovecot.conf

    Code
    1. default_pass_scheme = CRYPT


    What do you think of it?

    Edited once, last by aseques ().

  • @asseque


    You don't get me...


    • Users use your script to convert their passwords
    • i-MSCP 1.2.0 version is released
    • i-MSCP 1.2.0 provide update that encrypts all passwords (using CRYPT eg: SHA512)


    What about passwords that are already encrypted? That the point here. You make my life hard because I'll have to check prefix for each password to known if they are already encrypted...


    Now to be clear:


    In 1.2.0, all password will be encrypted using CRYPT (with better algorithm available as provided by the mainline glibc). Did you read the forum sometime? http://forum.i-mscp.net/Thread…-in-DB?pid=13045#pid13045


    BTW:


    • You are providing a script that is not ready to use.. You don't talk about the config.php file nor provide it.
    • What about the {CRYPT} placehoder that allow to define algorythm to use ($6$, $5$, $1$)? How it is replaced at runtime?
    • In your script, the SQL query to retrieve already encrypted passwords is based on the crypt prefix as set in the config.php file (it's an assumption). What if the user set the crypt algo prefix to something such as $6$ (SHA512) and some password are already encrypted with crypt but by using SHA256 (prefix $5$)?
    • You are providing a script involving installation of other library when it's possible to reuse code from i-MSCP (see below).



    As you can see here, we can end with many problems with such script. This exactly for this reason that I say you: Providing such a script will make my life hard for 1.2.0 because it's planned to encrypt all passwords using crypt. Taking your script in consideration mean much work for update path...


    imscp/gui/library/calc-functions.php


    Thanks

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    Edited once, last by Nuxwin ().

  • Let me answer those points


    BTW:

    • You are providing a script that is not ready to use.. You don't talk about the config.php file nor provide it.
    • The script was created to get some feedback and to share the thoughts about an implementation, not really for everyone at this point
    • What about the {CRYPT} placehoder that allow to define algorythm to use ($6$, $5$, $1$)? How it is replaced at runtime?
    • Dovecot handles that just fine, that's precisely the point of this, their implementation looks for default_pass_scheme but can be overrided for the {} clauses in the hash field
    • In your script, the SQL query to retrieve already encrypted passwords is based on the crypt prefix as set in the config.php file (it's an assumption). What if the user set the crypt algo prefix to something such as $6$ (SHA512) and some password are already encrypted with crypt but by using SHA256 (prefix $5$)?
    • That could be easily fixed, in the current implementation I was assuming that the password in the db where in plain.
    • You are providing a script involving installation of other library when it's possible to reuse code from i-MSCP (see below).
    • Indeed you're right, It was a fast and dirty code

    Edited once, last by Nuxwin ().

  • Re;



    The script was created to get some feedback and to share the thoughts about an implementation, not really for everyone at this point


    You forgot about noobs that will take that script as this without thinking more...



    Dovecot handles that just fine, that's precisely the point of this, their implementation looks for default_pass_scheme but can be overrided for the {} clauses in the hash field


    We are providing many implementations (dovecot, courier). Don't forget that... Dovecot provides many way to do but still that the better way is to use the common approach. Telling dovecot that passwords as crypted using crypt by adding the {CRYPT} prefix in the database is not the way to go. courier doesn't know about the {CRYPT} prefix... But both dovecot and courier provide a way to set crypt as encryption backend in their configuration files. To resume, think well, think more. We are providing a way to switch to dovecot and courier (and vice-versa) transparently but by using {CRYPT} as prefix in the database (making dovecot usage assumption), you break this feature.



    Thanks

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    Edited once, last by Nuxwin ().

  • Just wondering... 1.2 has been released. My database was kept as plain.


    i-MSCP 1.2.0 provide update that encrypts all passwords (using CRYPT eg: SHA512)


    Can I call this manually somewhere? In Mail pass PLAIN in DB you write that conversion is automatic. At least with my horrible test server setup passwords were not converted. And although I could translate everything manually, I'd prefer the official way with upgrade safety and users able to change their passwords via web ui.



    Thanks!

  • @bytesplit


    You take a phrase out of its context... In 1.2.0 mail passwords are still in plain text. Just read the 1.2.0 CHANGELOG. Do you see any place where I say: Passwords are now encrypted using crypt? To resume, it's on my TODO list. If you want help with some PR you're welcome but don't forget about courier too ;)

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • Thanks for the clarification. When it's not in the changelog it can also mean it's not the default, but possible.


    And I checked the Courier stuff. Seems that it uses encrypt and thus the OS specific password schemes. Should be good to go. So the works:

    • database change password string to something hashed (by hand for testing)
    • config changes for dovecot and courier
    • GUI changes for password set/change procedure
    • conversion script for changing scheme (see the samples here in this forum post) and updating iMSCP

    What has been done already? Where is to help? We may also follow up in PM or on IRC!?