Re: Security vulnerability in APOP authentication
Rocco Rutte wrote on 15 Mar 2007 11:33:49 +0100:
> Well, this is a difficult issue. First, using hash algorithms always
> leaves us with the risk of collisions if it's only a theoretical one.
Sure, but a single collision is not a security threat... the problem
arises when you can construct collisions cheaply. In fact, if there is
no weakness in the hash function, it will be easier to guess the
password that to find a collision...
> Second, you have the same problem if someone can construct a collision
> with fully RfC-compliant message-ids.
Yes, definitely. I think the use of APOP should be strongly
discouraged now.
> Third, you have many other problems once someone owns your pop
> server. :)
Well, the attacker does not need to own your server, a man in the middle
is enough. You will have quite a few problems if there is a man in the
middle, but risking your APOP password should not be of them... your
mails are not safe, but your password should be.
> APOP IMHO should never be considered a secure way of authentication,
> it's just more secure than sending plain passwords over the wire. But
> yes, since the RfC says the "timestamp" must be syntacially valid
> message-id and mutt doesn't check it, there's some room of improvement.
>
> On the other hand, it may not be very nice to abort authentication in
> case the server config is so broken that it generates invalid
> message-ids...
This is not a problem; if the server does not support APOP it does not
send a msg-id and I believe mutt already does something useful in this
case, like switching to another authentication method... the invalid
msg-ids could be handled just the same.
--
Gaëtan LEURENT