[Imapfilter-devel] Encrypted passwords

Lefteris Chatzibarbas lefcha at users.sourceforge.net
Wed Dec 12 21:51:42 EET 2001


On Wed, Dec 12, 2001 at 04:30:24PM +0000, Gabor Z. Papp wrote:
> * Lefteris Chatzibarbas <lefcha at users.sourceforge.net>:
> 
> |> Why don't you choose a method where no additional passphrase needed?
> | 
> | Another method, such as?
> 
> $ mkpasswd --help
> Usage: mkpasswd [OPTIONS]... [PASSWORD [SALT]]
> Crypts the PASSWORD using crypt(3).
> [...]
> 
> No additional passphrase needed. It's well enough for what you want.
> And crypt() I think is part of all modern unices.
>

mkpasswd(1) is a front end to crypt(3), and the latter is used for password
authentication not for password storage.  UNIX uses crypt(3) in order to
encrypt a password using the password itself.  So it stores in /etc/passwd
the password encrypted instead of the plain one. When a user logs in he enters
his password, which is encrypted with itself and checked if it matches with
the one stored in /etc/passwd.  This is a lot different from what IMAPFilter
needs.  Also, crypt(3) uses DES with 56-bit key, which is unacceptable for
today's cryptography standards.

> | One good reason to encrypt your passwords is that the machine you are
> 
> It is simply good, I also hate passwords in plain text
> files. But encrypting it with additional passphrase is not
> so comfortable. :-)
> 
> Decrypt doesn't need the passphrase?

I know it is a bit annoying, but entering one password that decrypts all
the other passwords is a lot better than entering each one of them (the
scheme with the master password is also the one used by mozilla and many
other programs).

Anyway, storing passwords encrypted is not so important for a workstation
at home, so this feature can just be ignored.

_______________________________________________
Imapfilter-devel mailing list
Imapfilter-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/imapfilter-devel
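
The distinction drawn in the message above, as an added example that is not part of the original post or of IMAPFilter's code: a crypt(3)-style one-way hash can only confirm a password the user types, while a stored IMAP password must be recovered in plain form, which needs reversible encryption under a master passphrase. PBKDF2 stands in for crypt(3), the HMAC-SHA256 counter-mode keystream is a standard-library stand-in for a real authenticated cipher, and all names and sample values are constructed.

```python
import hashlib
import hmac
import os

ITER = 100_000  # PBKDF2 work factor (constructed value for this example)

def hash_for_login(password: str, salt: bytes) -> bytes:
    """One-way, crypt(3)-style: the result can be compared but not reversed."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITER)

def check_login(attempt: str, salt: bytes, stored: bytes) -> bool:
    """Login check: hash the attempt again and compare with the stored hash."""
    return hmac.compare_digest(hash_for_login(attempt, salt), stored)

def _keys(master: str, salt: bytes):
    """Derive separate encryption and MAC keys from the master passphrase."""
    k = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITER, dklen=64)
    return k[:32], k[32:]

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a keystream generator."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(master: str, secret: str) -> bytes:
    """Reversible storage: encrypt a server password under the master passphrase."""
    salt, nonce = os.urandom(16), os.urandom(16)
    ek, mk = _keys(master, salt)
    data = secret.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(ek, nonce, len(data))))
    tag = hmac.new(mk, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def unseal(master: str, blob: bytes) -> str:
    """Recover the stored password; fails if the master passphrase is wrong."""
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    ek, mk = _keys(master, salt)
    expected = hmac.new(mk, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong master passphrase or corrupted data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(ek, nonce, len(ct)))).decode()

if __name__ == "__main__":
    blob = seal("constructed-master", "constructed-imap-password")
    print(unseal("constructed-master", blob))
```
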


