I am not sure how we should actually implement this. Do you mean that we should
require that you always provide a password scheme for credentials, or require
explicit {PLAIN} prefix or what? Everything costs something and has unexpected
side-effects, like breaking everyone's master password authentication, in this
case.
But other than that, Dovecot *does not* store passwords. Anywhere. It reads
passwords from an SQL database, passwd files, etc., which are externally managed,
not Dovecot managed. So I don't understand what "default" means here and what
would be "a GDPR compliant default" for you?
Aki
> On 10/02/2025 14:57 EET Robert Nowotny via dovecot <[email protected]>
> wrote:
>
>
> Thumbs up for that.
> It costs nothing and adds value. Can't see any downsides (which might
> exist, Aki might elaborate).
> Bitranox
>
>
> *From:* Rupert Gallagher via dovecot <[email protected]>
> *Sent:* Monday, 10 February 2025 at 13:51 CET
> *To:* [email protected] <[email protected]>
> *Cc:* dovecot <[email protected]>
> *Subject:* RE: Dovecot's default password storage scheme is not GDPR
> compliant
>
>
> > I do, Aki.
> >
> > This is not the point, however.
> >
> > The point is that the default is not GDPR compliant, and a first easy
> > alternative is also not GDPR compliant, and decoupling the user scheme from
> > the server storage scheme is not at all obvious. Adopting a GDPR-compliant
> > default would send out the information that the project cares about legal
> > compliance, and a solution is supported by default.
> >
> >
> > -------- Original Message --------
> > On 2/10/25 11:39, Aki Tuomi <[email protected]> wrote:
> >
> >>
> >> > On 10/02/2025 12:23 EET Rupert Gallagher via
> >> dovecot <[email protected]> wrote:
> >> >
> >> >
> >> > Dovecot aligns the password encryption scheme used by the imap client
> >> with the password storage scheme used by the server.
> >> >
> >> > Since the default is set to plain text, the client sends the password
> >> in plain text (tls tunneled), and the server local storage of passwords is
> >> a plain text file.
> >> >
> >> > For minimum protection, just enough to say you are not using
> >> plaintext, you can use md5, so the client sends the hashed password and
> >> the server's local storage is a plain text file containing hashed
> >> passwords.
> >> >
> >> > Last year a GDPR commissioner filed a hefty monetary sanction to a
> >> company because they used md5 to store passwords.
> >> >
> >> > Therefore, Dovecot's plain text default, and the md5 option, are both
> >> non-GDPR compliant.
> >> >
> >> > To avoid monetary sanctions, Dovecot ought to change how it stores
> >> passwords by default.
> >> >
> >> > Please do not ignore this message.
> >> >
> >>
> >> You do understand that it's the admin's responsibility to choose a safe
> >> password storage, not ours?
> >>
> >> Aki
> >>
> >>
> > _______________________________________________
> > dovecot mailing list [email protected]
> > To unsubscribe send an email [email protected]
>
>