modoboa
Changing password scheme
I was asked yesterday on IRC if it's safe to change the Default password scheme, I said no but I'm wrong. It is safe to change Default password scheme but there is one caveat.
When Modoboa saves the hashed password to the database it prefixes it with the scheme so dovecot knows which scheme to use when validating passwords, if no scheme prefix is present it falls back to default_pass_scheme set in dovecot-sql.conf.ext. (Most SQL based admin interfaces don't prefix the password scheme, which is where I made the mistake)
The one caveat is changing Default password scheme doesn't automatically update all the stored passwords to the new scheme. This either needs to be done manually by getting each user to change their password or a post login script is required for dovecot to update the password when the user logs into imap/pop. (See Convert Password Schemes)
- [ ] Update documentation
- [ ] Create a post login script for use with dovecot
Another thing to note is BLF-CRYPT isn't available with dovecot 2.2 on MOST linux distributions, it is however included in dovecot 2.3. Dovecot Password Schemes.
doveadm pw -l lists what schemes dovecot supports.
Great info @fyfe Thanks! I just put it on agenda to switch to bcrypt, when dovecot 2.3 is released.
Unfortunately it is not possible to recover a once hashed password (with salt) and to rehash it with another algorithm. This is only possible as described by a user changing their password.
Fortunately we have this setting, so people don't even need to change it, but log in once (to the Modoboa admin interface, I guess):
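As an added example (not code from this thread, from Modoboa or from Dovecot), the following Python models the two points raised above: a stored value carries a {SCHEME} prefix and, when the prefix is missing, dovecot falls back to default_pass_scheme; and existing hashes can only move to a new scheme by re-hashing the plaintext at the moment a user logs in or changes their password. The {SHA256} and {SSHA256} encodings follow dovecot's documented formats (base64 of the digest, and base64 of digest plus trailing salt). SSHA256 stands in as the "preferred" scheme only because bcrypt and Argon2id are not in the Python standard library; the constants, function names and the sample rows are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os
import re

# Scheme assumed when a stored value has no {SCHEME} prefix; this mirrors
# the role of default_pass_scheme in dovecot-sql.conf.ext (assumed value).
DEFAULT_PASS_SCHEME = "SHA256"
# Scheme that new hashes should use. SSHA256 is a stand-in for the stronger
# scheme (bcrypt, Argon2id) a real deployment would choose.
PREFERRED_SCHEME = "SSHA256"

_PREFIX_RE = re.compile(r"^\{([A-Za-z0-9.-]+)\}(.*)$", re.S)


def split_scheme(stored):
    """Return (scheme, payload); a missing prefix maps to DEFAULT_PASS_SCHEME."""
    m = _PREFIX_RE.match(stored)
    if m:
        return m.group(1).upper(), m.group(2)
    return DEFAULT_PASS_SCHEME, stored


def hash_password(password, scheme=PREFERRED_SCHEME):
    """Produce a {SCHEME}-prefixed value the way Modoboa stores it."""
    pw = password.encode()
    if scheme == "SHA256":
        # dovecot {SHA256}: base64 of the unsalted digest
        return "{SHA256}" + base64.b64encode(hashlib.sha256(pw).digest()).decode()
    if scheme == "SSHA256":
        # dovecot {SSHA256}: base64(sha256(password + salt) + salt)
        salt = os.urandom(8)
        digest = hashlib.sha256(pw + salt).digest()
        return "{SSHA256}" + base64.b64encode(digest + salt).decode()
    raise ValueError("unsupported scheme: " + scheme)


def verify_password(password, stored):
    """Dispatch on the prefix (or the default) and compare in constant time."""
    scheme, payload = split_scheme(stored)
    pw = password.encode()
    raw = base64.b64decode(payload)
    if scheme == "SHA256":
        return hmac.compare_digest(raw, hashlib.sha256(pw).digest())
    if scheme == "SSHA256":
        digest, salt = raw[:32], raw[32:]
        return hmac.compare_digest(digest, hashlib.sha256(pw + salt).digest())
    return False


def login_and_upgrade(password, stored):
    """Verify the login; on success return the value to store afterwards.

    If the hash is still in a non-preferred scheme it is re-hashed now, while
    the plaintext is available. This is what a dovecot post-login script (or
    Django's hasher upgrade) does; nothing can be converted offline.
    """
    if not verify_password(password, stored):
        return False, stored
    scheme, _ = split_scheme(stored)
    if scheme != PREFERRED_SCHEME:
        return True, hash_password(password)
    return True, stored


def audit(rows):
    """Count stored hashes per scheme and list users still needing an upgrade.

    rows is an iterable of (user, stored_password). Users whose value has no
    prefix are reported separately: they only work while default_pass_scheme
    still names the scheme they were hashed with.
    """
    counts = {}
    needs_upgrade = []
    unprefixed = []
    for user, stored in rows:
        scheme, _ = split_scheme(stored)
        counts[scheme] = counts.get(scheme, 0) + 1
        if not stored.startswith("{"):
            unprefixed.append(user)
        if scheme != PREFERRED_SCHEME:
            needs_upgrade.append(user)
    return counts, needs_upgrade, unprefixed


# Constructed sample rows (user, stored value); not real accounts or hashes.
SAMPLE_ROWS = [
    ("alice@example.com", hash_password("alice-pass", "SHA256")),
    ("bob@example.com", hash_password("bob-pass", "SHA256")[len("{SHA256}"):]),
    ("carol@example.com", hash_password("carol-pass")),
]

if __name__ == "__main__":
    print(audit(SAMPLE_ROWS))
```

Running the audit against a dump of the user table is the cheapest way to see how far a migration has progressed, since the scheme prefix is visible without knowing any password. Django applies the same login-time upgrade automatically: the first entry in PASSWORD_HASHERS is used for new hashes and the remaining entries stay accepted, with a matching hash rewritten the next time the user authenticates.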
Would this feature mean that the password is transferred in plain text to the server, and not itself in a hashed format? The server should never know the plain text of my secrets. :eyes:
Switching to the most up-to-date password scheme is still highly encouraged. Dovecot and Django just need to be of the same opinion here. Maybe it's good to follow good practices and use something more up to date than bcrypt:
Nextcloud for example used bcrypt ($2y prefix) for older accounts, but is now using Argon2i(d) for newer ones:
https://github.com/nextcloud/server/blob/b4fec29e8e403cdf6a589f5a0855b3b904c720e4/lib/private/Security/Hasher.php#L85
Django supports other hashes via the Python bcrypt module, and preferably argon2-cffi, as seen in the identity provider Authentik (which is also based on Django).
- https://docs.djangoproject.com/en/4.2/topics/auth/passwords/
- https://argon2-cffi.readthedocs.io/en/stable/
Argon2ID is also supported in recent dovecot versions, if the local libsodium supports it:
- https://doc.dovecot.org/configuration_manual/authentication/password_schemes/
With a little caveat on memory consumption of the auth_worker and how to configure it for Argon2, but not Argon2id:
- https://blog.germancoding.com/2020/11/27/dovecot-and-argon2-doesnt-work-this-may-be-why/
We can check if our dovecot instance supports Argon2id by running this command from the dovecot documentation page:
doveadm pw -s argon2id