Re: Information about SASL and LDAP

On 01/12/2011 01:22, Carson Gaspar wrote:
> On 11/30/2011 4:18 PM, Howard Chu wrote:
>> On 30/11/11 11:16 +0100, Christian Roessner wrote:
>>> cmusaslsecretCRAM-MD5
>>> cmusaslsecretDIGEST-MD5 and
>>> cmusaslsecretNTLM
>>
>> As I recall these are all plaintext-equivalents; i.e. there is no
>> security benefit from using these pre-hashed values, so they've been
>> deprecated already. The plugins will retrieve and use them if they're
>> present, but nothing creates them.
>
> They are _not_ plaintext equivalents.

Actually you are both wrong :-). They *are* plaintext-equivalent, i.e. if an attacker obtains them, he can use them to authenticate as the user.

However, you are right that they are slightly more secure than a cleartext password: as you said, cmusaslsecretDIGEST-MD5 includes the realm (and also the username), so it is effectively salted. So if such a hash is stolen, exposure might be limited to one site using the same username and realm.

In the case of cmusaslsecretCRAM-MD5, it is only (effectively) a hash of the password. So if it is stolen, it can be used to log in to any CRAM-MD5 account using the same password, irrespective of the username used.

> They are realm-limited, so compromise is limited to just the set of services sharing that realm (in many cases a single service). i.e. they don't let me use your password to log in to gmail, or get a shell on your box.
>
> The fact that the cyrus folks decided to deprecate these in favor of storing actual clear text passwords makes me a sad panda. And demonstrates a lack of understanding of the security issues involved, or a very different cost/benefit analysis than I can imagine.

While cmusaslsecretDIGEST-MD5 is more secure, it is a bit of a management headache: if the username changes (e.g. due to marriage), then the hash is no longer valid and needs to be reset.

Having said that, I do have somewhere the code to generate the cmusaslsecretCRAM-MD5 value. At the moment I don't remember whether it was never committed or whether it was removed.
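The plaintext-equivalence point made in the thread, as an added worked example (not code from the thread or from Cyrus SASL). It models the CRAM-MD5 stored secret the way HMAC precomputation works in general: the two MD5 contexts after absorbing (key XOR ipad) and (key XOR opad). Whoever holds those two states can answer any challenge without the password, and because nothing in them depends on the username, the same password gives the same secret for every account. The DIGEST-MD5 side uses the RFC 2831 value H(username:realm:password), so username and realm act as a salt. The challenge, username and password are the RFC 2195 example values; the realm names and the exact layout of the "stored" secret are assumptions made for this illustration, not the on-disk format of cmusaslsecretCRAM-MD5.

```python
import hashlib
import hmac

# Constructed sample values for the example. The challenge, user name and
# password are taken from the CRAM-MD5 example in RFC 2195; the realm names
# are made up for this illustration.
CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"
PASSWORD = b"tanstaaftanstaaf"

BLOCK_SIZE = 64  # MD5 block size; HMAC pads (or pre-hashes) the key to this length


def cram_md5_secret(password: bytes):
    """Precompute the two keyed MD5 contexts that HMAC-MD5 starts from.

    This is the kind of data a cmusaslsecretCRAM-MD5 style store keeps
    (modelled here as live hashlib objects, an assumption for the example):
    the MD5 state after absorbing (key XOR ipad) and after (key XOR opad).
    Nothing here depends on the user name or realm, so two accounts with the
    same password get the identical secret.
    """
    if len(password) > BLOCK_SIZE:
        password = hashlib.md5(password).digest()
    key = password.ljust(BLOCK_SIZE, b"\x00")
    inner = hashlib.md5(bytes(b ^ 0x36 for b in key))
    outer = hashlib.md5(bytes(b ^ 0x5C for b in key))
    return inner, outer


def cram_md5_response(secret, challenge: bytes) -> str:
    """Answer a CRAM-MD5 challenge using only the precomputed secret.

    Plaintext-equivalence in code: holding the stored secret is enough to
    produce the response without ever knowing the password.
    """
    inner, outer = secret
    inner, outer = inner.copy(), outer.copy()  # keep the stored states reusable
    inner.update(challenge)
    outer.update(inner.digest())
    return outer.hexdigest()


def verify_cram_md5(stored_secret, challenge: bytes, response: str) -> bool:
    """Server side: the verifier needs the same stored secret and nothing more."""
    expected = cram_md5_response(stored_secret, challenge)
    return hmac.compare_digest(expected, response)


def digest_md5_secret(username: str, realm: str, password: str) -> bytes:
    """DIGEST-MD5 style stored value, H(username:realm:password) per RFC 2831.

    Still plaintext-equivalent within that realm, but user name and realm act
    as a salt, so one password yields a different value per user and per site.
    """
    return hashlib.md5(f"{username}:{realm}:{password}".encode()).digest()


def demo() -> dict:
    """Compare a response built from the stolen secret with one from the real password."""
    stolen = cram_md5_secret(PASSWORD)  # what an attacker would lift from the store
    attacker = cram_md5_response(stolen, CHALLENGE)
    legitimate = hmac.new(PASSWORD, CHALLENGE, "md5").hexdigest()
    long_key = b"p" * 80  # key longer than one block exercises the pre-hash path
    return {
        "attacker_response": attacker,
        "legitimate_response": legitimate,
        "server_accepts_attacker": verify_cram_md5(stolen, CHALLENGE, attacker),
        "long_key_matches_hmac": cram_md5_response(cram_md5_secret(long_key), b"c")
        == hmac.new(long_key, b"c", "md5").hexdigest(),
        # Same password, different user or realm: the DIGEST-MD5 values differ,
        # while cram_md5_secret() takes no name at all and so cannot.
        "digest_tim_realm_a": digest_md5_secret("tim", "a.example", "tanstaaftanstaaf").hex(),
        "digest_tim_realm_b": digest_md5_secret("tim", "b.example", "tanstaaftanstaaf").hex(),
        "digest_tom_realm_a": digest_md5_secret("tom", "a.example", "tanstaaftanstaaf").hex(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The attacker's response and the legitimate one are the same string (the RFC 2195 value b913a602c7eda7a495b4e6e7334d3890), and the server accepts it, which is why a stolen CRAM-MD5 secret is as good as the password for every CRAM-MD5 service that password is used on. The three DIGEST-MD5 values all differ, which is the realm/username "salting" the thread describes; it limits reuse of a stolen value, but within its own realm that value is equally plaintext-equivalent.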
