Bug 2796 - add SCRAM-SHA-1 support
Summary: add SCRAM-SHA-1 support
Status: REOPENED
Alias: None
Product: Claws Mail (GTK 2)
Classification: Unclassified
Component: SMTP (show other bugs)
Version: other
Hardware: PC All
: P3 enhancement
Assignee: users
URL:
Depends on:
Blocks:
 
Reported: 2012-11-19 04:15 UTC by franz.wudy
Modified: 2020-11-01 00:53 UTC (History)
1 user (show)

See Also:


Attachments
SCRAM-SHA-1 for IMAP (3.79 KB, patch)
2015-01-03 02:40 UTC, Andrej Kacian
no flags Details | Diff

Description franz.wudy 2012-11-19 04:15:51 UTC
Hello,

MD5 based password schemes are known to be insecure for quite a while now. See Stuxnet & Co in Microsoft's case.

SHA in is various configurations still seems to be a good choice for hashing algorithms.

DOVECOT imap servers as well as Cyrus and (i believe) UW's impad do support the "salted" SCRAM-SHA-1 scheme for quite a while now as a secure alternative. SCRAM-SHA-1-PLUS is being worked on.

http://www.dovecot.org/list/dovecot/2011-September/061172.html
DOVECOT has been tested against GNU SASL.

MD5-based schemes (CRAM, DIGEST, etc) should either not be allowed any more or at least the user should be warned that he is about to give up some of his most essential information.

A common and safe denominator between servers and a client is SCRAM-SHA-1 these days and it should be implemented.

Thanks -
Franz
Comment 1 Andrej Kacian 2014-11-10 07:58:51 UTC
For IMAP, we are limited by what libetpan supports, and I haven't found any mention of even a plan to add SCRAM-SHA-1 support there.

For SMTP, I think this is doable. We will, however, need two things:

1. A good source for random numbers to generate good client nonce. We can either use GnuTLS's gnutls_rand(), or directly read from /dev/urandom. That is not portable to Windows, though, we'd have to use CryptGenRandom() on Windows, or simply not support SCRAM-SHA-1 for Windows.

Using GnuTLS for this would of course mean that we would only support SCRAM-SHA-1 if compiled with GnuTLS support.

2. SHA1 digest implementation. Again, we could use GnuTLS, libnettle (implies additional dependency), or simply grab an implementation from e.g. nettle library.

Thoughts?
Comment 2 Christian Hesse 2014-11-10 08:02:25 UTC
(In reply to comment #1)
> 2. SHA1 digest implementation. Again, we could use GnuTLS, libnettle
> (implies additional dependency), or simply grab an implementation from e.g.
> nettle library.

Looks like gnutls depends on nettle (at least the Arch Linux package does). So there is no extra dependency for most users.
Comment 3 Andrej Kacian 2014-11-10 08:56:24 UTC
(In reply to comment #2)
> Looks like gnutls depends on nettle (at least the Arch Linux package does).
> So there is no extra dependency for most users.

Unfortunately, that isn't the case on Debian (at least on stable wheezy) -the GnuTLS library itself does not depend on nettle. Only the gnutls-bin package with various utility programs does. But anyway, if we decide to explicitly use functions from nettle library, we would have to explicitly add a check for it in configure.

There is another option for getting SHA1 which I forgot: Glib 2.30 adds support for HMAC digests[1], so we could use those, if we bump our minimum Glib version requirement from current 2.20 to 2.30. I'm not sure if that's a good idea, though just for one additional authentication method.

1. https://developer.gnome.org/glib/stable/glib-Data-HMACs.html
Comment 4 Charles E. Lehner 2014-11-26 22:09:17 UTC
What about using libsasl2 (Cyrus SASL)? This is what libetpan uses [1], and claws-mail in Debian Testing (3.11.1-1) already depends on it.

Cyrus SASL supports SCRAM-SHA-1:
https://github.com/coapp-packages/cyrus-sasl/blob/master/plugins/scram.c

Example usage in a client:
http://www.cyrusimap.org/docs/cyrus-sasl/2.1.25/programming.php#client_section

On that note, couldn't we just use SCRAM-SHA-1 through libetpan for IMAP, as with CRAM-MD5 and DIGEST-MD5? For SMTP, could we use sasl_client_* functions from Cyrus SASL for the auth?

1. https://github.com/dinhviethoa/libetpan/blob/master/configure.ac#L514
Comment 5 Andrej Kacian 2015-01-03 02:40:47 UTC
Created attachment 1465 [details]
SCRAM-SHA-1 for IMAP

Yes, that will probably be best approach, sometimes I really should step back and look at what's available, instead of trying to reinvent the wheel. :)

Anyway, patch for the easier part (IMAP, using libetpan) is attached, and seems to be working fine on my local IMAP server. Note the caveat mentioned in comment of first hunk.
Comment 6 Paul 2015-11-15 14:13:41 UTC
this was added back in January, but no-one closed this at the time.
Comment 7 Andrej Kacian 2015-11-15 15:27:36 UTC
I haven't closed the bug because we still do not offer this auth method for SMTP, my patch only adds it for IMAP.
Comment 8 Neustradamus 2020-11-01 00:53:27 UTC
Can you confirm me the state of play of this support?

Note You need to log in before you can comment on or make changes to this bug.