[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qmail
Subject:    RE: Yet Another Mutant Version Of "checkpassword" Is Born
From:       "David T. Ashley" <dashley () abi-consulting ! com>
Date:       2005-04-29 23:55:27
Message-ID: COEPIFCCEDOHKMNNDOBOOEKACDAA.dashley () abi-consulting ! com
[Download RAW message or body]

> Thus spake David T. Ashley (dashley@abi-consulting.com):
> > I hacked up Jedi/Sector One's work for my own needs, and it
> > seems to work.  It is visible here:
>
> For any of us to care, it would maybe be beneficial if you told us what
> makes your version better/different from other checkpassword
> implementations.
>
> Just a thought.
>
> Felix

Good point.

a)The UID/GID for POP service is hardcoded into the program as a compilation
config (less variability is better and safer).

b)It just uses a plain password file with user-id, password, and maildir
directory (*).

c)It is shorter and simpler (it has some unnecessary stuff removed).

(*)Some would argue that a plain password file is less safe.  A number of
points in this direction:

1)crypt, md5, or sha1 are all unsafe unless you have something known only to
the server to use to taint the hash.  They all will allow a dictionary
attack.  Given today's compute speeds, crypt() is nearly useless.

2)I trust *nix file system security.  Having the file readable only by the
daemon of interest is enough for me.

I don't have any objection to _real_ security.  However, crypt() ain't it.

Dave.

[prev in list] [next in list] [prev in thread] [next in thread]