Open philipwhiuk opened 8 years ago
philipwhiuk
commented
8 years ago See also similar potential enhancements on authentication:
rugk
commented
7 years ago DANE is not a way to authenticate users, see https://github.com/k9mail/k-9/issues/1776 for this.
legrosgore
commented
6 years ago Could you please support a better authentication than CRAM-MD5 ? Security matters... I need to allow unsecure apps on gmail because of that. Is K-9 insecure ?
rugk
commented
6 years ago Sorry, but this is nonsense. Neither
Edit (2019): This is wrong. Correction here: https://github.com/k9mail/k-9/issues/1231#issuecomment-567173176SCRAM-SHA1 nor CRAM-MD5 are secure. MD5 hashes can be broken in seconds, the same for SHA-1, depending on the password of course. Both are just not intended for password-hashing, these are mostly legacy algorithms.
So the only way to make your setup secure is: Use TLS!. I think all mail providers support that currently.
And if you use TLS, there is no reason to use these strange SCRAM thing anymore. Your password is protected at transport level thanks to TLS. And the best thing: TLS actually protects your mails, while SCRAM is only about your password. So as you actually maybe want to protect your mails, use a secure connection to your mail server (i.e. TLS) and forget this SCRAM thing.
And BTW: It's 2017. TLS is (going/supposed to be) everywhere. And if not, use another mail provider.
nogweii
commented
6 years ago @rugk I think most users are using TLS already now. But Google denies access via all authentication methods except XOAuth2 in IMAP by default. And adds a bunch of scary language when you want to bypass it.
rugk
commented
6 years ago Yeah, but they also do not allow SCAM then. AFAIK Gmail does not allow access by SMTP/POP3 or so at all generally. There may be a setting to activate it in the settings, then it should work – with per-device passwords, possibly. And OAuth is, unfortunately, not yet supported by IMAP or so.
philipwhiuk
commented
6 years ago I managed to setup a Dovecot server to test this against. I'm mid-way through implementation.
ntninja
commented
6 years ago @philipwhiuk: What's your status on this? Is there any code?
Neustradamus
commented
5 years ago Any news?
Maybe good to see for SCRAM-SHA-1(-PLUS), SCRAM-SHA-224(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-384(-PLUS), SCRAM-SHA-512(-PLUS)
Neustradamus
commented
5 years ago A best issue here:
Zash
commented
4 years ago Sorry, but this is nonsense. Neither SCRAM-SHA1 nor CRAM-MD5 are secure. MD5 hashes can be broken in seconds, the same for SHA-1, depending on the password of course
Sorry, but this is incorrect. SCRAM-SHA-1 isn't CRAM-MD5 but with SHA-1, it's using a key derivation function (PBKDF2), precisely the kind of thing you should use to deal with passwords. SCRAM allows storing the password in hashed form on both the client and the server side, and only hashes are sent on the wire.
rugk
commented
4 years ago @Zash Read through the wiki article and yeah, you're right. I guess I was misleaded by it's name.
SCRAM-SHA-1 uses PBKDF2 (which uses a HMAC, which is still secure with MD5/SHA-1 even if collisions in MD5 or SHA1 or AFAIK even preimage attacks are known). Anyway, yes, I have to correct myself: It's actually pretty secure! It even salts passwords! :smiley:
Though in 2020 you'd maybe switch to even nicer password hashing functions than PBKDF2. YOu know, we have Argon2 or just the already nice scrypt or so.
Also, of course I'd still argue there is no security advantage of SCRAM-SHA1 compared to a mail server ~hashing~ stretching the passwords on the server instead of on the client, as TLS is there and the server has to be trusted anyway. :smile:
That said, I see no argument against implementing this in K9 mail anymore, expect of potential complexity, maybe?
Edit: also corrected initial comment, thx @Zash for making me aware of that. :smile:
Neustradamus
commented
4 years ago Any news on it?
vladimir-mencl-eresearch
commented
2 years ago Hi,
One of my (work) email providers, hosted at outlook.office365.com, just changed their password settings and no longer allows the cleartext password to be sent through - even when using TLS.
Sending unencrypted passwords even over TLS carries risk in case the other end-point is compromised.
And since they've made the change, I'm not able to connect with K-9. Just updated to latest in Play Store (5.806), but when I try switching the Authentication setting (in Incoming Server Settings) to Encrypted password, I get:
Setup could not finish
Cannot connect to server.
(Server doesn't supported encrypted passwords using CRAM-MD5.)So, only supporting CRAM-MD5 does not seem to work with sites that have tighter security settings.
Can we please have the feature requested here implemented (assuming it would work solve the problem I'm seeing)?
I'd be happy to help with testing.
Cheers, Vlad
Neustradamus
commented
2 years ago Dear @k9mail team,
Happy New Year 2022!
Have you looked for SCRAM-SHA-* supports?
Thanks in advance.
vladimir-mencl-eresearch
commented
2 years ago Happy New Year to the team.
I've checked again and it looks like with the setting our organisation applied to their Office365 subscription, the only way forward may be with OAuth.
I see this has been long-standing (#655), but it may be where the world is shifting (or at least big email providers are).
Cheers, Vlad
Expected behaviour
User should be able to select SCRAM-SHA1 as a form of authentication for IMAP.
Rationale
CRAM-MD5 is deprecated. SCRAM-SHA1 is fairly well adopted. If SSL/TLS is deployed we don't gain much security, but SSL/TLS isn't everywhere and CRAM-MD5 is obsolete.
Issues arising
The algorithm is more complex than others. It involves generating random nonces and the actual schema is quite difficult to follow. Deployment is less common so it's more complex to test but the original requester did offer a temporary test host.
On a UX level we don't actually expose the encryption method. We allow them to select from 'Plain', 'Encrypted' and 'Client certificate'.
According to the code documentation :
In theory this is nice. In practice it's a white lie - it does translate to that in the UI but we don't support any encryption except CRAM_MD5.
Source of request:
Google Groups Feedback https://groups.google.com/forum/#!topic/k-9-mail/UHhXyRY74SU