Op 16/12/2018 om 10:06 schreef Tributh via dovecot:
Am 16.12.18 um 09:42 schrieb Aki Tuomi:
On 16 December 2018 at 10:27 Tributh via dovecot <dovecot@dovecot.org> wrote:
Hi,
is that here the right place to make feature requests?
dovecot supports as authentication mechanism
SCRAM-SHA-1 from RFC 5802
which was updated to
SCRAM-SHA-256 in RFC 7677
Can SCRAM-SHA-256 be added to the authentication mechanisms?
I would not like to request, that SCRAM-SHA-1 will be exchanged by
SCRAM-SHA-256, since several applications only support SCRAM-SHA-1
Regards
Torsten
Hi!
Adding this is possible, it can even be done as a separate plugin. But I have
to ask, why? Do you actually have clients that support this?
Aki
Hi Aki,
let me first answer the second question.
Sadly I have no client which supports it, yet.
Here we have a chicken or the egg causality dilemma.
There was some communication with mail-client developers which stated
that they would start developing it, when they have a publicly usable
server to test against.
Now I hope that the most common IMAP server could be the one, which
gives this possibility.
Sadly, most communication is not publicly available.
In the past CRAM-MD5 was very popular. When the insecurity came out,
everything just shifted to TLS, but that prevented not from sending a
plain password now. If a malicious actor is able to change DNS/TLS
endpoints, he will receive the plain passwords immediately.
I am not the expert in explaining how such an actor could do this. I
just wanted to have possibilities for everybody to prevent this possible
exposure of a plain password, which could than easily used abusively.
I just hope for better security in the future.
I looked a this a bit and since it is basically only a matter of
replacing the hash algorithm, I created a quick implementation (after
some refactoring):
https://github.com/stephanbosch/dovecot-core/commits/auth-scram-sha-256
However, since there is no client that actually supports this, I cannot
test this myself. I've briefly tested that the old SHA-1 still works
(using mpop) and that the server properly announces the new mechanism
when enabled, but that is it. It is based on the master branch.
Configuration is identical to SCRAM-SHA-1, apart from the mechanism (and
password scheme) name of course.
Don't expect this to be released or even merged to the master branch any
time soon: this is likely currently very low on our priority list. But,
at least you can run your own server with SCRAM-SHA-256 support (and so
can client developers). Maybe if this gets endorsed and supported by
clients and gets some testing in the field, we can speed it along a bit,
but that is not something I can promise.
So, I hatched a chick for you. I hope you can make it lay a few eggs in
the future...
Regards,
Stephan.
