How to encrypt passwords when using MySQL

I need to be able to save passwords in MySQL, but not in plain text. So is there an easy way to do this? I have no problems encrypting passwords in MySQL.

I just need ejabberd to read, or decrypt if you like, the passwords from MySQL.


Not implemented, see: Store passwords in plaintext in the database for security.

If you worry about network security, you can require the clients to encrypt all traffic, including the authentication process. Search 'starttls' in the ejabberd Guide.

If you worry about DB theft on your server machine, then you are in big trouble, and passwords are not the major problem.

If you worry about sharing the DB with untrusted third parties, then you can write an extauth script, and then you take care of password verification against MySQL or anything else. Search 'extauth' in the ejabberd Guide.
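As an added illustration of the extauth route suggested in this reply (example code written for this page, not ejabberd's own script): a minimal extauth script that speaks ejabberd's length-prefixed stdin/stdout protocol and checks passwords against salted PBKDF2 hashes, so the database never holds plaintext. The in-memory USERS dict is a constructed stand-in for a MySQL table, and the tagged hash format and iteration count are assumptions.

```python
#!/usr/bin/env python3
"""Minimal ejabberd extauth script verifying salted PBKDF2 hashes.
Added example for this thread, not ejabberd project code.

ejabberd's extauth protocol (see the ejabberd Guide):
  - ejabberd writes to the script's stdin: a 2-byte big-endian length,
    then "op:user:server[:password]" with op = auth / isuser / setpass ...
  - the script writes to stdout: a 2-byte big-endian length (always 2),
    then a 2-byte big-endian result, 1 = success, 0 = failure.
"""
import hashlib
import hmac
import os
import struct
import sys
from typing import Optional

SCHEME = "{PBKDF2-SHA256}"   # assumed tag, in the "{md5}..." spirit
ITERATIONS = 100_000          # assumed cost; tune for your hardware


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing string to store in the MySQL users table."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "%s%d$%s$%s" % (SCHEME, ITERATIONS, salt.hex(), dk.hex())


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt/cost and compare in constant time."""
    if not stored.startswith(SCHEME):
        return False  # unknown scheme: fail closed rather than guess
    try:
        iters, salt_hex, dk_hex = stored[len(SCHEME):].split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
    except ValueError:
        return False  # malformed record
    return hmac.compare_digest(dk.hex(), dk_hex)


# Constructed stand-in for the MySQL table; a real script would run
# SELECT password FROM users WHERE username=%s AND server=%s here.
USERS = {
    ("alice", "example.org"): hash_password("correct horse battery staple"),
}


def lookup(user: str, server: str) -> Optional[str]:
    return USERS.get((user, server))


def handle(request: str) -> bool:
    """Answer one extauth request; anything unexpected fails closed."""
    parts = request.split(":", 3)  # the password itself may contain ':'
    op = parts[0]
    if op == "auth" and len(parts) == 4:
        stored = lookup(parts[1], parts[2])
        return stored is not None and verify_password(parts[3], stored)
    if op == "isuser" and len(parts) == 3:
        return lookup(parts[1], parts[2]) is not None
    return False  # setpass, tryregister, removeuser ... not supported here


def serve(stdin, stdout) -> None:
    """Loop over length-prefixed requests until ejabberd closes the pipe."""
    while True:
        header = stdin.read(2)
        if len(header) < 2:
            return
        (length,) = struct.unpack(">H", header)
        request = stdin.read(length).decode("utf-8", errors="replace")
        result = 1 if handle(request) else 0
        stdout.write(struct.pack(">HH", 2, result))
        stdout.flush()


if __name__ == "__main__":
    serve(sys.stdin.buffer, sys.stdout.buffer)
```

Because verification happens inside the script, ejabberd itself only ever sees the candidate password the client just sent; whoever copies the users table gets salted hashes, not credentials that work elsewhere. Note that this only works with SASL mechanisms that deliver the password to the server (PLAIN over TLS), not with DIGEST-MD5.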

This really needs to be addressed

Can I just say, as many other people here already have, that not encrypting passwords in the database is a MAJOR security issue. Encrypting the traffic is always the default response when someone raises it, but that is simply not enough, and it's just not good design to leave user data unprotected. There is no reason for encrypted traffic AND passwords not to co-exist.

In my opinion, this leaves ejabberd VERY exposed, and I am honestly kind of shocked at how unimportant the issue seems to be here. It would make me feel better if the development community at least acknowledged that this functionality is an important part of a secure system.

Agree, both TLS *and* encrypted passwords should be provided.

I agree, passwords should be encrypted for the sake of database security. My point: even if no Chinese cracker breaks into your MySQL server, the database administrator could get mad at the enterprise and steal data in order to sell it, extort and so on. And since most lusers use the same password for every service, you can imagine. There are even legal aspects involved. Just think of Sony and PSN.

Ok, the argument is that passwords must travel encrypted. Then use TLS! Opponents would say: no, because of man in the middle and so on. If this is true, TLS is already flawed and I won't buy anything on the Internet from today on.

What are you trying to protect against?

SASL DIGEST-MD5 authentication needs the plaintext password on the server. If the password is stored encrypted in the database, then the password must be decrypted before the server can authenticate the user. Anyone with root access to the system could do the same thing and gain access to the plaintext password.

For that reason, incorporating the encryption and decryption of plaintext passwords in ejabberd doesn't make any sense.

If minimizing access to the plaintext password is important, then using an external script running on a separate system with restricted access would be the proper implementation. ejabberd would pass the authentication information to the authentication box, which would in turn pull the encrypted password from the database, decrypt it, perform the authentication check and return the result to ejabberd. This implementation would keep the ejabberd admins (assuming passwords are not reset through ejabberd) and the database admins from having access to plaintext passwords. But even in this scenario, the administrator of the authentication box would be able to gain access to the decrypted passwords, and restricted access to the physical box, auditing, etc. would be needed to ensure security.


echamberlain wrote:

For that reason, incorporating the encryption and decryption of plaintext passwords in ejabberd doesn't make any sense.

Sorry, but this sounds completely like bullshit to me.
Security should start at the lowest layer and focus on all elements in the relevant chain.
So securing passwords especially is one of the first issues that should be focused on in security.
I think there are enough reasons why passwords should be secured:
- multiple administrators (privileged access management, ...)
- 3rd party application security, e.g. interfacing an external web application for account management
- application security, etc.

There are enough services all around the ecosystem that demonstrate how to handle secured passwords in the database, e.g. MySQL and PostgreSQL support different encryption methods for passwords and indicate them by some attribute or pattern-matching like "{md5}d41d8cd98f00b204e9800998ecf8427e".

sincerely

roland


No reaction on this complaint for more than half a year? When will password encryption for MySQL be implemented in ejabberd? I am very interested in this "bug fix" as well. Never heard about the thesis, that password encryption in databases should make no sense for any reason. Please learn about encryption to prevent claiming such nonsense. :o)
