Re: [Dovecot] Accessing plain text password from memory

2013-12-17 Thread Philipp Brüll

Hi Timo,

thanks for the answer. I'm working on a plugin with a similar
architecture.


Is there also a way to pass that plain password to a mail filter script? 
Obviously, the %w option as mail filter script argument does not work.


Kind regards,
Philipp

On 13/12/13 15:47, Timo Sirainen wrote:

On 13.12.2013, at 16.37, Stanislas SABATIER  wrote:


Is there a way to retrieve the client's password in plain text from memory ?

I don't store the password in plain text in my postgreSQL but I need it
when the client is connected to make crypto computation.

If I write a plugin to do the job, how could I retrieve the plain text
password from master ?


Assuming you're using passdb sql and userdb prefetch and you want to access 
the password in imap/pop3/etc process, you can do:

password_query = '%w' as userdb_password, ...

Then the password will be available the same way as plugin { password } would 
be available (mail_user_plugin_getenv()).

You could also write a passdb plugin, where you could access the password directly from 
auth_request->mech_password.

Re: [Dovecot] Accessing plain text password from memory

2013-12-14 Thread Stanislas SABATIER
Thanks for the info, I'll dig into this option.

Regards,
Stan.

Le 13 déc. 2013 à 15:47, Timo Sirainen  a écrit :

> On 13.12.2013, at 16.37, Stanislas SABATIER  wrote:
> 
>> Is there a way to retrieve the client's password in plain text from memory ?
>> 
>> I don't store the password in plain text in my postgreSQL but I need it
>> when the client is connected to make crypto computation.
>> 
>> If I write a plugin to do the job, how could I retrieve the plain text
>> password from master ?
> 
> Assuming you're using passdb sql and userdb prefetch and you want to 
> access the password in imap/pop3/etc process, you can do:
> 
> password_query = '%w' as userdb_password, ...
> 
> Then the password will be available the same way as plugin { password } would 
> be available (mail_user_plugin_getenv()).
> 
> You could also write a passdb plugin, where you could access the password directly 
> from auth_request->mech_password.
> 



Re: [Dovecot] Accessing plain text password from memory

2013-12-13 Thread Rick Romero


Quoting Stanislas SABATIER :


2013/12/13 Rick Romero 



(…)

IMHO, your time is better spent creating a PGP plugin that uses public
keys to encrypt the email contents.
Rick



That's exactly what I'm doing. Inbound mails are all encrypted with each
client's public key.

Then, clients can either decrypt mails on their own personal computer, or
have their mails decrypted on-the-fly server side.
In the later case, I store an encrypted private key for each client. To
open the private key, I need client's password.

Stan


Oh!  I feel so much better now :)

Rick



Re: [Dovecot] Accessing plain text password from memory

2013-12-13 Thread Stanislas SABATIER
2013/12/13 Rick Romero 

> (…)
>
> IMHO, your time is better spent creating a PGP plugin that uses public
> keys to encrypt the email contents.
> Rick

That's exactly what I'm doing. Inbound mails are all encrypted with each
client's public key.

Then, clients can either decrypt mails on their own personal computer, or
have their mails decrypted on-the-fly server side.
In the later case, I store an encrypted private key for each client. To
open the private key, I need client's password.

Stan


Re: [Dovecot] Accessing plain text password from memory

2013-12-13 Thread Rick Romero


As long as you're not claiming that you can't access the data, then I  
won't get uppity :)


Though I honestly don't see any advantage to the approach you're
taking.  It was useless for Lavabit, it's a poor method that's not
going to fare any better under anyone else's watch.  Why not just zip
all the files up and rename the extension? That'll be 'difficult' to
defeat too, and the plugins already exist. A rogue agent with local
access will be able to access the mailboxes, encrypted or not. Are you
running a FAM? Centralized SIEM? If not, they just set the debug flag
and reload the service without you ever even knowing.


IMHO, your time is better spent creating a PGP plugin that uses public  
keys to encrypt the email contents.
Of course you lose indexing and searches..  It's just _not_ going to  
be secure if a local service can decrypt the data.


I agree the core problem is SMTP. I'd be willing to use a new email  
protocol as well, but I don't have high hopes from 'that' group.  It's  
like they've got Einstein and PT Barnum...


Rick

Quoting Stanislas SABATIER :


Hi Rick,

I DO want to encrypt/decrypt mails on the fly without "lying" to my
customers.


It's better to have encrypted mail that is difficult to decrypt than plain
text files within plain text folders. (Yes, it would be possible to get the
user password on the fly, but my system is not designed this way.)

I agree that it's not a panacea, but it's better than no encryption at all.
Isn't it?

As soon as a new email protocol is available, I'll be the first to
switch to it!

Regards,
Stan.


---
Stanislas SABATIER
s.sabat...@pobox.com
---



2013/12/13 Stanislas SABATIER 


Is there a way to retrieve the client's password in plain text from memory
?

I don't store the password in plain text in my postgreSQL but I need it
when the client is connected to make crypto computation.

If I write a plugin to do the job, how could I retrieve the plain text
password from master ?

Thank you for your help,

Regards,
Stan.

---
Stanislas SABATIER
s.sabat...@pobox.com
---

Re: [Dovecot] Accessing plain text password from memory

2013-12-13 Thread Stanislas SABATIER
Hi Rick,

I DO want to encrypt/decrypt mails on the fly without "lying" to my
customers.


It's better to have encrypted mail that is difficult to decrypt than plain
text files within plain text folders. (Yes, it would be possible to get the
user password on the fly, but my system is not designed this way.)

I agree that it's not a panacea, but it's better than no encryption at all.
Isn't it?

As soon as a new email protocol is available, I'll be the first to
switch to it!

Regards,
Stan.


---
Stanislas SABATIER
s.sabat...@pobox.com
---



2013/12/13 Stanislas SABATIER 

> Is there a way to retrieve the client's password in plain text from memory
> ?
>
> I don't store the password in plain text in my postgreSQL but I need it
> when the client is connected to make crypto computation.
>
> If I write a plugin to do the job, how could I retrieve the plain text
> password from master ?
>
> Thank you for your help,
>
> Regards,
> Stan.
>
> ---
> Stanislas SABATIER
> s.sabat...@pobox.com
> ---
>
>


Re: [Dovecot] Accessing plain text password from memory

2013-12-13 Thread Rick Romero

Quoting Stanislas SABATIER :


Is there a way to retrieve the client's password in plain text from memory ?

I don't store the password in plain text in my postgreSQL but I need it
when the client is connected to make crypto computation.


Hi Stan,

I hope you're not trying to copy Lavabit.  Saying you don't have  
access to mailbox contents on your own equipment would be a flat out  
lie.


1. You have the password in memory.  Simply set the debug flags and
you can retrieve the password, as Lavabit did, to decrypt the mailbox.
Their claim of 'our policy is not to run in debug mode, therefore we
can't access your data' is not actually a form of security.
2. SMTP is in plain text.  After the existing mail is read, any
incoming or outgoing mail is easily CC'd to a 'monitoring' mailbox
based on SMTP Auth or RCPT TO.


If it's not mailbox encryption, sorry (you have no idea how much I  
detest that Lavabit guy for his lies), but if it is then it's nothing  
more than a programming exercise.


Rick



Re: [Dovecot] Accessing plain text password from memory

2013-12-13 Thread Timo Sirainen
On 13.12.2013, at 16.37, Stanislas SABATIER  wrote:

> Is there a way to retrieve the client's password in plain text from memory ?
> 
> I don't store the password in plain text in my postgreSQL but I need it
> when the client is connected to make crypto computation.
> 
> If I write a plugin to do the job, how could I retrieve the plain text
> password from master ?

Assuming you're using passdb sql and userdb prefetch and you want to access 
the password in imap/pop3/etc process, you can do:

password_query = '%w' as userdb_password, ...

Then the password will be available the same way as plugin { password } would 
be available (mail_user_plugin_getenv()).

You could also write a passdb plugin, where you could access the password directly 
from auth_request->mech_password.
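The passdb sql + userdb prefetch setup Timo describes, written out as a complete configuration. This is an added example, not text from the thread or from the Dovecot project; the table and column names (users, username, password, home), the fixed uid/gid, the file paths and the PostgreSQL connection string are assumptions, and the auth_debug lines are there because the same thread points out that those settings are how the password ends up in a log file.

```conf
# Added example (not from the thread or the Dovecot project). Table and column
# names, uid/gid values and file paths are assumptions; adjust to your schema.

# --- /etc/dovecot/conf.d/10-auth.conf (relevant parts) ---

# %w is only populated for plaintext SASL mechanisms (PLAIN, LOGIN). With
# CRAM-MD5 or similar there is no plaintext password to hand to the mail process.
auth_mechanisms = plain login

# Keep these off outside of a debugging session: auth_debug_passwords = yes
# (which also turns on auth_debug) writes client passwords into the auth log.
auth_debug = no
auth_debug_passwords = no

passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}

# prefetch: the userdb_* fields returned by password_query are taken as the
# userdb reply, so no second lookup is needed for IMAP/POP3 logins.
userdb {
  driver = prefetch
}

# Processes that only do a userdb lookup (LDA/LMTP delivery, doveadm) never
# run password_query, so they need a real userdb behind the prefetch one.
userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}

# --- /etc/dovecot/dovecot-sql.conf.ext ---

driver = pgsql
connect = host=localhost dbname=mail user=dovecot
default_pass_scheme = SHA512-CRYPT

# The stored hash is still what Dovecot verifies; '%w' only copies the password
# the client just sent into the userdb reply as the extra field "password".
# Dovecot SQL-escapes expanded %variables, so a quote in the password is not an
# injection into this query.
password_query = \
  SELECT username AS user, password, \
         '%w' AS userdb_password, \
         home AS userdb_home, 1000 AS userdb_uid, 1000 AS userdb_gid \
  FROM users WHERE username = '%u'

user_query = \
  SELECT home, 1000 AS uid, 1000 AS gid FROM users WHERE username = '%u'
```

With this in place a mail plugin reads the value with `mail_user_plugin_getenv(user, "password")`, the same lookup that would serve a static `plugin { password = ... }` setting. Note what the configuration implies operationally: the plaintext password now travels auth -> login -> imap/pop3 and sits in the mail process for the life of the session, which is exactly the "it's in memory, just flip the debug flag" objection raised earlier in the thread; keep auth_debug_passwords off and treat the auth log as sensitive.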



Re: [Dovecot] Accessing plain text password from memory

2013-12-13 Thread Alan McGinlay - SICS

On 2013-12-13 15:37, Stanislas SABATIER wrote:
Is there a way to retrieve the client's password in plain text from memory ?

I don't store the password in plain text in my postgreSQL but I need it
when the client is connected to make crypto computation.

If I write a plugin to do the job, how could I retrieve the plain text
password from master ?

Thank you for your help,

Regards,
Stan.

---
Stanislas SABATIER
s.sabat...@pobox.com
---


If you enable auth_debug you can also enable auth_debug_passwords and 
that will show the plaintext password in the logfile when the user 
connects. I can't say I would recommend it though.


/A


[Dovecot] Accessing plain text password from memory

2013-12-13 Thread Stanislas SABATIER
Is there a way to retrieve the client's password in plain text from memory ?

I don't store the password in plain text in my postgreSQL but I need it
when the client is connected to make crypto computation.

If I write a plugin to do the job, how could I retrieve the plain text
password from master ?

Thank you for your help,

Regards,
Stan.

---
Stanislas SABATIER
s.sabat...@pobox.com
---