Auth/Password salts aren't that salty

[cburschka]

In OSS/Auth/Password.php, you've got this:

                case self::HASH_MD5_SALTED:
                    return md5( $pw . $config['pwhash'] );
                    break;
                case self::HASH_SHA1:
                    return sha1( $pw );
                    break;
                case self::HASH_SHA1_SALTED:
                    return sha1( $pw . $config['pwhash'] );
                    break;

Since $config['pwhash'] is the name of the hash method, the "random" salt is the hardcoded string md5.salted or sha1.salted.

(This can be checked by eg. setting a ViMbAdmin password to "12345678" and seeing that the resultant hash in the database is 449a41df7f93623c19b80f8fcb9f7143, which is MD5("12345678md5.salted").)

This should probably be somewhat more random to provide the intended benefit.

[barryo]

Yup, but none of these are recommended. There's two types of password in ViMbAdmin:

• A user / administrator password who can login to the system. These are bcrypt by default which is current best practice (from application.ini):

resources.auth.enabled = 1
resources.auth.oss.adapter = "OSS_Auth_Doctrine2Adapter"
resources.auth.oss.pwhash  = "bcrypt"
resources.auth.oss.hash_cost  = 9

• Mailbox passwords. These are entirely up to you and can be made as secure as possible. Supported hashes with random salts include (again from application.ini):

;   "crypt:XXX"   - call the PHP crypt function (with random salt) where XXX is one of: md5, blowfish, sha256, sha512
;   "dovecot:XXX" - call the Dovecot password generator (see next option below) and use the
;                      scheme specified by XXX. To see available schemes, use 'dovecotpw -l'
;                      or 'doveadm pw -l'

Of course you'll need to have your backend (Dovecot / Courier / etc and the LDA/SMTP auth engine) all share common support for your choice.

[cburschka]

(I should add that while $config['pwhash'] seems like an actual mistake and $config['pwsalt'] was intended to be used, it's generally recommended to generate and store individual salts for each password instead of a global value.)

[barryo]

Opps - replied with a specific project in mind (ViMbAdmin) but the above applies anyway.

[barryo]

Actually - one last note which I've just added to the main README.md:

Note that this is not an active project and is only currently maintained for bug/security fixes for pre-existing projects that rely on it.

[cburschka]

Hi again, I gather that you're saying that md5.salted and sha1.salted shouldn't be used in ViMbAdmin, but the documentation (https://github.com/opensolutions/ViMbAdmin/wiki/Configuration) says nothing about this, and lists md5.salted and sha1.salted as valid alternatives without mentioning that they're deprecated.

Also, the documentation is incorrect when it says

Note that sha1.salted and md5.salted requires password_salt to be set to a random string.

Because the random string in password_salt isn't ever used; you're just appending the string "md5.salted" or "sha1.salted". ;)

[barryo]

I gather that you're saying that md5.salted and sha1.salted shouldn't be used in ViMbAdmin

No, for that I'm saying:

Mailbox passwords. These are entirely up to you and can be made as secure as possible. Supported hashes with random salts include (again from application.ini): <snip - see above>
Of course you'll need to have your backend (Dovecot / Courier / etc and the LDA/SMTP auth engine) all share common support for your choice.

[barryo]

Also, the documentation is incorrect when it says

Note that sha1.salted and md5.salted requires password_salt to be set to a random string.

Because the random string in password_salt isn't ever used; you're just appending the string "md5.salted" or "sha1.salted". ;)

No - the $config parameter passed by ViMbAdmin for mailboxes is different - see this section of code.

[cburschka]

Sorry, I think we're misunderstanding each other. Yes, the code you're linking to indeed does this:

 'pwsalt' => isset( $this->_options['defaults']['mailbox']['password_salt'] )
                       ? $this->_options['defaults']['mailbox']['password_salt'] : null,

But my point is that the pwsalt value doesn't get used - you have a typo in Password.php that uses pwhash instead of pwsalt:

            case self::HASH_MD5_SALTED:
                return md5( $pw . $config['pwhash'] );
                break;

Which should be

            case self::HASH_MD5_SALTED:
                return md5( $pw . $config['pwsalt'] );
                break;

Hope that clears up what I meant. :)

[barryo]

Hope that clears up what I meant. :)

Yip, now I see it 😢

Okay, leave it with me until I figure out the best way to handle this!

[barryo]

Fixed in the above commits. Announced at:

• https://groups.google.com/forum/?hl=en#!topic/vimbadmin-discuss/8tTDHIJwp9c
• https://groups.google.com/forum/#!topic/vimbadmin-announce/UJq3Sq5SJYM

Thanks for pointing this out.