RainLoop / rainloop-webmail

Simple, modern & fast web-based email client
http://rainloop.net
MIT License

Stored passwords not properly salted #909

Open Shine- opened 8 years ago

Shine- commented 8 years ago

I can simply copy one of my users' "accounts" file to my own account and get access to all of their email accounts without knowing any of their passwords.

Stored passwords should be salted with a unique key per user, which is for example derived from the password that the user entered on the login page (which should never be stored anywhere!). That way, all stored passwords would become invalid if I copy an "accounts" file from one user to another.

There are numerous other attack scenarios possible with the current insecure encryption.

ervee commented 8 years ago

Interesting issue and I for one agree. What would be a good way to salt such stored passwords... I think the user password is not good because it can change, then invalidating all stored passwords.

Shine- commented 8 years ago

It's a good idea exactly BECAUSE it would invalidate all stored passwords.

Imagine another attack scenario: Someone managing to reset your password (a malicious admin, or an attacker using social engineering, or similar). Then you'd WANT all other stored passwords to be automatically invalid, in order for only one of your email accounts to become compromised. I, for one, would.

ervee commented 8 years ago

Okay. So even if you change your primary password yourself, you will also need to re-enter all other account passwords. That's the (small) downside. But I think you are correct. If my mail admin changes my password, they can log in to my RainLoop account and access all my other accounts. That's a security issue.

I hope @rainloop can come up with some kind of solution like a password salt and a nice "enter account x password because of change" popup :-)

Shine- commented 8 years ago

When changing the password from within RainLoop (using one of the password change plugins), RainLoop could automatically re-encrypt all stored passwords, making it transparent for the user. That'd be a good compromise between security and usability, imo.
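The design discussed in this thread (a per-user stored-credentials vault whose key is derived from the login password, so a copied "accounts" file is useless under another user's account, plus transparent re-encryption when the login password changes) as a worked example. This is added illustration code, not RainLoop's own PHP implementation. It assumes a vault record stored per user as a small dict of hex fields, a per-vault random salt, and PBKDF2-HMAC-SHA256 for key derivation; it goes one step beyond the thread by also binding the owner's user id into the authentication tag, so even two users with the same login password cannot open each other's vault. The cipher is HMAC-SHA256 in counter mode purely to keep the example dependency-free; a production build would use an AEAD such as AES-GCM or XChaCha20-Poly1305 instead.

```python
import hashlib
import hmac
import json
import os

# Added example, not RainLoop's code. Assumed vault layout:
# {"salt", "nonce", "ct", "tag"}, all hex strings, stored per user.
# The login password lives in memory only for the request that needs it.

KDF_ITERATIONS = 100_000  # assumption: tune for your hardware


def _derive_keys(login_password, salt):
    """PBKDF2-HMAC-SHA256 over the login password and a random per-vault salt.
    The 64-byte output is split into an encryption key and a MAC key, so two
    users with the same password still end up with different keys."""
    master = hashlib.pbkdf2_hmac("sha256", login_password.encode(), salt,
                                 KDF_ITERATIONS, dklen=64)
    return master[:32], master[32:]


def _keystream(enc_key, nonce, length):
    """HMAC-SHA256 in counter mode as a keystream (stand-in for a real AEAD)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return bytes(out[:length])


def _tag(mac_key, user_id, salt, nonce, ct):
    # Binding the user id means a vault copied into another account fails
    # authentication even if both login passwords happened to match.
    return hmac.new(mac_key, user_id.encode() + salt + nonce + ct, "sha256").digest()


def seal_accounts(user_id, login_password, accounts):
    """Encrypt the user's stored mail-account credentials under a key derived
    from their login password. Returns the vault record to persist."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive_keys(login_password, salt)
    pt = json.dumps(accounts).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc_key, nonce, len(pt))))
    tag = _tag(mac_key, user_id, salt, nonce, ct)
    return {"salt": salt.hex(), "nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def open_accounts(user_id, login_password, vault):
    """Verify and decrypt a vault. Returns None on a wrong password, a vault
    that belongs to a different user, or any tampering with the record."""
    salt, nonce, ct, tag = (bytes.fromhex(vault[k]) for k in ("salt", "nonce", "ct", "tag"))
    enc_key, mac_key = _derive_keys(login_password, salt)
    if not hmac.compare_digest(_tag(mac_key, user_id, salt, nonce, ct), tag):
        return None
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return json.loads(pt)


def rotate_login_password(user_id, old_password, new_password, vault):
    """The transparent re-encryption step: decrypt with the old login password
    and seal again (fresh salt and nonce) under the new one. Returns None if
    the old password does not open the vault, so an admin-forced reset that
    skips this path leaves the old vault unreadable, as the thread wants."""
    accounts = open_accounts(user_id, old_password, vault)
    if accounts is None:
        return None
    return seal_accounts(user_id, new_password, accounts)


if __name__ == "__main__":
    # Constructed sample data.
    accounts = {"imap.example.net": {"user": "alice", "pass": "s3cret"}}
    vault = seal_accounts("alice", "alice-login-pw", accounts)
    assert open_accounts("alice", "alice-login-pw", vault) == accounts
    # The vault copied into another user's account is useless to them:
    assert open_accounts("mallory", "mallory-login-pw", vault) is None
    assert open_accounts("mallory", "alice-login-pw", vault) is None
    rotated = rotate_login_password("alice", "alice-login-pw", "alice-new-pw", vault)
    assert open_accounts("alice", "alice-login-pw", rotated) is None
    assert open_accounts("alice", "alice-new-pw", rotated) == accounts
```

The trade-off ervee raised is visible in `rotate_login_password`: a password change that goes through this function keeps the vault usable, while any change that bypasses it (a reset by an admin, for instance) leaves the stored credentials unreadable, which is exactly the failure mode the thread argues for.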