Hello,

I am wondering which variant is more secure for user authentication and password scheme. Basically I am looking at both variants:

1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism
2) SHA512-CRYPT password scheme storage with PLAIN auth mechanism

In my opinion the option 2) should be safer although it is using PLAIN auth mechanism. Of course I would always use STARTTLS and not allow unencrypted connections.

What is your opinion?

Best,
ML
On 12/5/2014 3:24 AM, ML mail wrote:
> Hello,
>
> I am wondering which variant is more secure for user authentication and password scheme. Basically I am looking at both variants:
>
> 1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism
> 2) SHA512-CRYPT password scheme storage with PLAIN auth mechanism
>
> In my opinion the option 2) should be safer although it is using PLAIN auth mechanism. Of course I would always use STARTTLS and not allow unencrypted connection.
>
> What is your opinion?

Option 2 without hesitation.

MD5-CRYPT:
- is extremely weak
- was phased out as the default password hash long ago
- needs to die out

CRAM-MD5:
- is either redundant or insufficient
- is not universally supported
- limits your authentication backend options
On 12/5/14, ML mail <mlnospam at yahoo.com> wrote:
> Hello,
>
> I am wondering which variant is more secure for user authentication and
> password scheme. Basically I am looking at both variants:
>
> 1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism
> 2) SHA512-CRYPT password scheme storage with PLAIN auth mechanism
>
> In my opinion the option 2) should be safer although it is using PLAIN auth
> mechanism. Of course I would always use STARTTLS and not allow unencrypted
> connection.

That's not exactly a true statement. If you offer STARTTLS, encryption is optional; if you mean not allowing unencrypted connections, then you are forcing TLS, not STARTTLS, since the latter is designed to accept an unencrypted connection and then _try_ to upgrade to encryption if possible and, if not, stay unencrypted.

>
> What is your opinion?
>

Number 2, as the other poster said, without hesitation and for the reasons he said.
On 12/06/2014 02:35 AM, Nick Edwards wrote:
> On 12/5/14, ML mail <mlnospam at yahoo.com> wrote:
>> Hello,
>>
>> I am wondering which variant is more secure for user authentication and
>> password scheme. Basically I am looking at both variants:
>>
>> 1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism
>> 2) SHA512-CRYPT password scheme storage with PLAIN auth mechanism
>>
>> In my opinion the option 2) should be safer although it is using PLAIN auth
>> mechanism. Of course I would always use STARTTLS and not allow unencrypted
>> connection.
>
> Thats not exactly a true statement, if you offer STARTTLS you are
> optional on encryption, if you mean not allow unencrypted connections
> then you are forcing TLS, not STARTTLS since the latter is designed to
> accept unencrypted and then _try_ upgrade to encryption if possible,
> if not, stay unencrypted.

If you add the disable_plaintext_auth=yes and ssl=required settings, then Dovecot will drop authentication without STARTTLS. But the damage will be done: the client will send the unencrypted (or, in this scenario, MD5 or SHA512 hashed) login/password.

http://wiki2.dovecot.org/SSL

>> What is your opinion?
>>
> Number 2 as the other poster said without hesitation and for reasons he said

+1

--
Jan Wideł
Senior System Administrator
e-mail: jan.widel at networkers.pl
mobile: +48 797 004 946
www: http://www.networkers.pl
GPG: http://networkers.pl/GPG/2E7359CD.asc
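Two points in this thread are easier to see in code than in prose: the second reply's remark that CRAM-MD5 is "either redundant or insufficient" (the server must hold the password itself, or an MD5 state derived from it, to check the response, so a one-way hash like SHA512-CRYPT cannot back it, while inside TLS the challenge adds nothing), and Jan's point that a PLAIN login sent before STARTTLS has already given the password away. The following is an added example written for this page, not code from the thread or from Dovecot. It implements the CRAM-MD5 exchange from RFC 2195 (using that RFC's own worked vector) and the SASL PLAIN wire form from RFC 4616; the password store for option 2 uses PBKDF2-HMAC-SHA512 as an assumed stand-in for SHA512-CRYPT, because the property being shown (random salt, slow one-way function, no stored password) is the same and the crypt(3) encoding details are not the point.

```python
import base64
import hashlib
import hmac
import secrets

# --- Option 1, CRAM-MD5 (RFC 2195): a challenge/response keyed by the password itself ---

def cram_md5_response(username: str, password: str, challenge: bytes) -> str:
    """Client side: answer the server's challenge with HMAC-MD5(password, challenge)."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return f"{username} {digest}"


def cram_md5_verify(stored_password: str, challenge: bytes, response: str) -> bool:
    """Server side. To recompute the HMAC the server needs the password (or the
    MD5 inner/outer state derived from it), so the store cannot be a one-way salted
    hash such as SHA512-CRYPT. That is the 'insufficient' side of the trade-off;
    the 'redundant' side is that inside TLS the challenge buys nothing extra."""
    _user, digest = response.split(" ", 1)
    expected = hmac.new(stored_password.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


# Worked vector taken from RFC 2195 section 2 (the RFC's example, not from this thread).
RFC2195_CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"
RFC2195_USER, RFC2195_PASSWORD = "tim", "tanstaaftanstaaf"
RFC2195_RESPONSE = "tim b913a602c7eda7a495b4e6e7334d3890"


# --- Option 2, PLAIN (RFC 4616) inside TLS: the server only needs a one-way hash ---

def plain_wire(username: str, password: str) -> str:
    """What the client transmits: base64 of "\\0authcid\\0passwd". Outside TLS this
    is the password in the clear; base64 is an encoding, not encryption."""
    return base64.b64encode(b"\0" + username.encode() + b"\0" + password.encode()).decode()


def parse_plain(line: str) -> tuple:
    """Server side (or whoever captured the pre-STARTTLS bytes, which is Jan's
    point): split the message back into (authcid, password)."""
    _authzid, authcid, password = base64.b64decode(line).split(b"\0")
    return authcid.decode(), password.decode()


# Assumed stand-in for SHA512-CRYPT: PBKDF2-HMAC-SHA512 with a random salt. This is
# NOT the crypt(3) SHA512-CRYPT algorithm; it only shows the property that matters,
# namely that the server can verify a password without ever storing it.
ROUNDS = 100_000


def make_hash(password: str, salt: bytes = b"") -> str:
    salt = salt or secrets.token_bytes(16)  # fixed salt only for reproducible tests
    dk = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ROUNDS)
    return f"$pbkdf2-sha512${ROUNDS}${salt.hex()}${dk.hex()}"


def verify_hash(stored: str, password: str) -> bool:
    _, _scheme, rounds, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha512", password.encode(), bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(dk.hex(), dk_hex)


def plain_login(stored_hash: str, line: str) -> bool:
    """Server side for option 2: decode the PLAIN message and check it against the hash."""
    _user, password = parse_plain(line)
    return verify_hash(stored_hash, password)


if __name__ == "__main__":
    # Option 1: the server must keep 'tanstaaftanstaaf' itself to verify the RFC vector.
    print(cram_md5_verify(RFC2195_PASSWORD, RFC2195_CHALLENGE, RFC2195_RESPONSE))  # True
    # Option 2: the server keeps only the hash; TLS is what protected the password in transit.
    stored = make_hash("correct horse")
    print(plain_login(stored, plain_wire("alice", "correct horse")))  # True
    # What a capture of a PLAIN login sent before STARTTLS yields, hence disable_plaintext_auth.
    print(parse_plain(plain_wire("alice", "correct horse")))  # ('alice', 'correct horse')
```

The asymmetry is the whole argument: `cram_md5_verify` has to be handed the password, whereas `plain_login` is handed only a salted, stretched hash and can be backed by any store that holds one, which is also why the second reply says CRAM-MD5 limits the authentication backends you can use. The `parse_plain` call at the end is the reason `ssl = required` and `disable_plaintext_auth = yes` belong together: a client that sends PLAIN before STARTTLS is refused, but the bytes it already sent are not protected by the refusal.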