I have discovered this bug while analysing sudden failures when searching for e-mail addresses in an LDAP address book (M$ Exchange). It seems that the included password obfuscator truncates some passwords because it can generate a nul (0x0, \000) character while encrypting the password. I have found a workaround that works for me: change the default PASSCRYPT_KEY to something else. Since I do not want to reveal my work password, I have attached a tool that uses a brute-force method to generate passwords that fail to decrypt in claws-mail (this can be easily traced by adding a printf to the function passcrypt_decrypt in file common/passcrypt.c). The tool will stop when 20 failed attempts at encrypting the password are encountered. I have observed this behaviour on Linux; it would be interesting to check if the same bug is present on FreeBSD, since there is an ifdef in passcrypt.c for the latter OS.
Created attachment 983: A tool to generate passwords that fail to decrypt in claws-mail on Linux
Created attachment 1502: Do not write truncated LDAP passwords
I have had another look at this bug. The issue happens because quoted-printable encoding is used on the obfuscated password. I have changed it to use base64 and it works fine for my previously problematic password. The fix should support existing obfuscated passwords in the addrbook--index.xml file. Whenever a new LDAP password is set, it will be encoded using base64. Old style passwords are marked with !|, new style uses !!. I have not tested what happens when one has ! as the first character in their LDAP password.
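The NUL-byte truncation reported in the first comment and the base64 storage described in the comment above, as an added example that is neither Claws Mail code nor the attached patch. `toy_obfuscate` is a stand-in XOR routine (an assumption, not the passcrypt cipher), the password and key are constructed so that one output byte is 0x00, and only the `!!` marker is taken from the thread.

```c
#include <stdio.h>
#include <string.h>
static const char B64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/* Stand-in repeating-key XOR (assumption, not the Claws Mail cipher); it can emit 0x00. */
void toy_obfuscate(unsigned char *buf, size_t n, const char *key) {
    for (size_t i = 0, k = strlen(key); i < n; i++) buf[i] ^= (unsigned char)key[i % k];
}

/* Bytes that survive when the obfuscated buffer is handled as a C string. */
size_t cstring_survivors(const unsigned char *buf, size_t n) {
    const unsigned char *nul = memchr(buf, 0, n);
    return nul ? (size_t)(nul - buf) : n;
}

/* Writes "!!" + base64(buf) + NUL to out; returns the text length. */
size_t encode_stored(const unsigned char *buf, size_t n, char *out) {
    size_t o = 2; memcpy(out, "!!", 2);
    for (size_t i = 0; i < n; i += 3) {
        unsigned v = (unsigned)buf[i] << 16;
        if (i + 1 < n) v |= (unsigned)buf[i + 1] << 8;
        if (i + 2 < n) v |= buf[i + 2];
        out[o++] = B64[v >> 18]; out[o++] = B64[(v >> 12) & 63];
        out[o++] = (i + 1 < n) ? B64[(v >> 6) & 63] : '=';
        out[o++] = (i + 2 < n) ? B64[v & 63] : '=';
    }
    out[o] = '\0'; return o;
}

/* Decodes a "!!" value; returns the byte count, or 0 on a bad marker or symbol. */
size_t decode_stored(const char *txt, unsigned char *out) {
    size_t o = 0; unsigned v = 0; int bits = 0;
    if (strncmp(txt, "!!", 2) != 0) return 0;
    for (const char *p = txt + 2; *p && *p != '='; p++) {
        const char *q = strchr(B64, *p);
        if (!q) return 0;
        v = (v << 6) | (unsigned)(q - B64); bits += 6;
        if (bits >= 8) { bits -= 8; out[o++] = (unsigned char)(v >> bits); }
    }
    return o;
}

int main(void) {
    unsigned char buf[] = "pass123"; /* constructed sample password */
    char stored[32];
    toy_obfuscate(buf, 7, "kes");    /* 's' ^ 's' puts 0x00 at index 2 */
    encode_stored(buf, 7, stored);
    printf("C string keeps %zu of 7 bytes; stored as %s\n", cstring_survivors(buf, 7), stored);
    return 0;
}
```

The length has to travel with the obfuscated buffer: anything that measures it with `strlen` reintroduces the truncation before the encoder ever sees the data.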
The 3.14.0 release implements a completely new password storage backend.