[Ach] Fwd: E-Mail Protocol Security Measurements

Daniel Frank ach-cert-at-87234 at danielfrank.net
Tue Jul 28 15:05:21 CEST 2015

Am Dienstag, 28. Juli 2015, 13:21:30 schrieb Sebastian:
> >>  * a huge number of servers offer AUTH PLAIN (some without 
> > 
> > Where do you see the problem (with STARTTLS)?
> > 
> > ACH recommends AUTH PLAIN over STARTTLS and most other 
> > schemes require you to store the password rather than the hash.
> A hashed password over a secure channel is still more safe than an
> unecrypted password on a secure channel. In case of vulnerabilities in
> the servers software or an successful MITM attack, Eve has the plain
> password. An encrypted pw is still useless.

That heavily depends which attack you are talking about. hashed 
password on the line protects against attacks on the line, but pretty much 
requires a cleartext password in a database on the server somewhere and 
thus allows a successful attacker to walk out with a full dump of the 
password database: hundreds, thousands, maybe millions of clear text 

A hashed password on the server pretty much requires a cleartext 
password on the line (hopefully through an encrypted channel...). In this 
case (no matter if the attack is on the line) only the passwords that are 
currently being used to login are directly in danger, which is only a subset 
of the full dump.

If in doubt I'd vote for hashed password storage on the server, but it 
depends on the attacks you want to protect against. 

Best long term solution might be similar to what XMPP is slowly migrating 
to: SCRAM... allows hashed password storage *and* hashed password on 
the line.
Not sure if it has other shortcomings though.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20150728/3c149735/attachment.html>

More information about the Ach mailing list