Bernardo Reino
2022-Oct-09 16:10 UTC
Dovecot mail-crypt webmail can't read encrypted messages
On Sun, 9 Oct 2022, Serveria Support wrote:

> So this means passwords cannot be masked/hidden in the logs? You realize that
> it actually defeats the whole idea of encrypted storage? It's useless. I can
> think of lots of scenarios: malicious system administrator reading users'
> mails and blackmailing them or selling their business secrets to competitors,
> corrupt law enforcement in some countries getting rid of political or
> business opponents by disclosing the contents of their mails and I can go on
> and on and on... There is no such thing as semi-privacy. Privacy is either
> there or it's not.

If your attack scenario includes somebody owning your server, nothing prevents them from compiling/installing a custom version of dovecot (or any other tool you may be using, like PAM, etc.) which dumps the passwords in clear text to a suitable file, pipe, or socket.

So good luck with that requirement..

Cheers,
Bernardo
Serveria Support
2022-Oct-09 17:47 UTC
Dovecot mail-crypt webmail can't read encrypted messages
Like I've already mentioned in my reply to Aki, I generally agree, but many of these methods require much time and expertise some bad guys don't have. You can also brute-force the passwords, but it can take years. With passwords showing in logs, all they need to do is make a few clicks and enable auth logging. In most cases the attacker is really short on time and needs to act fast, before he is detected and locked out of the system.

On 2022-10-09 19:10, Bernardo Reino wrote:

> On Sun, 9 Oct 2022, Serveria Support wrote:
>
>> So this means passwords cannot be masked/hidden in the logs? You
>> realize that it actually defeats the whole idea of encrypted storage?
>> It's useless. I can think of lots of scenarios: malicious system
>> administrator reading users' mails and blackmailing them or selling
>> their business secrets to competitors, corrupt law enforcement in some
>> countries getting rid of political or business opponents by disclosing
>> the contents of their mails and I can go on and on and on... There is
>> no such thing as semi-privacy. Privacy is either there or it's not.
>
> If your attack scenario includes somebody owning your server, nothing
> prevents them from compiling/installing a custom version of dovecot
> (or any other tool you may be using, like PAM, etc.) which dumps the
> passwords in clear text to a suitable file, pipe, or socket.
>
> So good luck with that requirement..
>
> Cheers,
> Bernardo
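The point of contention above is how little effort it takes to get passwords into Dovecot's log once auth logging is switched on. As an added example (not code from the thread, nor from the Dovecot project), the script below audits a `doveconf -n` style dump for the settings that put clear-text or hashed passwords into the log: `auth_debug_passwords` and `auth_verbose_passwords` are real Dovecot settings, their effect is summarised here from the Dovecot documentation, the sample configuration text is constructed for the demo, and running `doveconf -n` live at the bottom assumes the script runs on a host with Dovecot installed. An operator who wants to catch a "few clicks" change like this would run such a check from a cron job or a configuration-monitoring agent and alert on any finding.

```python
"""Audit a Dovecot configuration dump for settings that log passwords.

Added example, not part of the mailing-list thread or of Dovecot itself.
auth_debug_passwords / auth_verbose_passwords / auth_debug are real Dovecot
settings; their descriptions below follow the Dovecot documentation.
SAMPLE_CONF is constructed output in the style of `doveconf -n`.
"""
import subprocess
from dataclasses import dataclass


@dataclass
class Finding:
    key: str
    value: str
    severity: str   # "critical" | "medium" | "low"
    reason: str


# Constructed sample of `doveconf -n` output (not a real server's config).
SAMPLE_CONF = """\
# 2.3.16: /etc/dovecot/dovecot.conf
auth_debug = yes
auth_debug_passwords = yes
auth_verbose_passwords = plain
mail_plugins = " mail_crypt"
plugin {
  mail_crypt_curve = secp521r1
  mail_crypt_require_encrypted_user_key = yes
}
"""


def parse_doveconf(text):
    """Return a flat dict of settings from doveconf -n style text.

    Settings inside a block such as `plugin { ... }` are keyed as
    "plugin/<name>" so that top-level and plugin keys cannot collide.
    """
    settings = {}
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        if line.endswith("{"):                   # block start, e.g. "plugin {"
            stack.append(line[:-1].strip())
            continue
        if line == "}":                          # block end
            if stack:
                stack.pop()
            continue
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings["/".join(stack + [key])] = value.strip('"')
    return settings


def audit_auth_logging(settings):
    """Flag settings that cause passwords to be written to the log."""
    findings = []

    # auth_debug_passwords=yes: passwords appear in clear text in the debug log.
    if settings.get("auth_debug_passwords", "no").lower() == "yes":
        findings.append(Finding("auth_debug_passwords", "yes", "critical",
                                "clear-text passwords are written to the log"))

    # auth_verbose_passwords: on a mismatch the attempted password is logged,
    # either in plain text, or as a (possibly truncated, e.g. "sha1:6") hash.
    verbose = settings.get("auth_verbose_passwords", "no").lower()
    scheme, _, truncation = verbose.partition(":")
    if scheme == "plain":
        findings.append(Finding("auth_verbose_passwords", verbose, "critical",
                                "attempted passwords are logged in clear text"))
    elif scheme in ("sha1", "sha256"):
        # A truncated hash leaks little; a full hash can be cracked offline.
        severity = "low" if truncation else "medium"
        findings.append(Finding("auth_verbose_passwords", verbose, severity,
                                "attempted passwords are logged as a hash"))

    # auth_debug alone does not log passwords but is a prerequisite worth noting.
    if settings.get("auth_debug", "no").lower() == "yes":
        findings.append(Finding("auth_debug", "yes", "low",
                                "auth debugging enabled on this host"))
    return findings


if __name__ == "__main__":
    # Live check: assumes a Dovecot host with `doveconf` on PATH.
    try:
        conf = subprocess.run(["doveconf", "-n"], check=True,
                              capture_output=True, text=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        conf = SAMPLE_CONF          # fall back to the constructed sample
    for f in audit_auth_logging(parse_doveconf(conf)):
        print(f"[{f.severity}] {f.key} = {f.value}: {f.reason}")
```

Note what this check can and cannot do: it detects the configuration change that makes passwords show up in the log, which is the cheap attack Serveria Support describes, but it does nothing against the attacker Bernardo describes, who already has root and can replace the `dovecot` binary or the log destination outright. For that case the audit itself would have to run from a host the attacker does not control, for example by shipping `doveconf -n` output to a remote log collector and evaluating it there.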