Gday All,

Do you store your user passwords in plaintext or encrypted

A question for those of you who do virtual hosting of email/ftp and other services. Looking at how hard it is to get an encryption standard that works across all, and the very limited support of standards in clients, do you bother encrypting the password in the database?

Articles from Dovecot (http://wiki.dovecot.org/Authentication/Mechanisms) under the non plaintext auth methods, imply bad client support for different encryption methods, and im pretty sure proftpd does the same. (And yes, lets ignore the use of unsecure ftp for the moment)

So to the linode community, what do you do?

_________________
ServerAdmin - www.our-lan.com
"Diplomacy is the art of saying nice doggy whilst looking for a really big stick"
"In my experiece, any attempt to make any system idiot proof will only challenge God to make a better idiot"

Encrypted. Always.

Both e-mail and FTP passwords are encrypted with the MySQL ENCRYPT function in our databases.

I also use this kind of thinking when creating websites that use a username and password to log in.

Only encrypted / hashed (edited due to witty comments below ).

Dovecot and exim4 were a bit of a fiddle to get working correctly with php's sha1(), but no complaints about the less standards-compliant clients (yet).

You forgot to add hashed (sha1, md5, etc.).

Encryption(two way can be decrypted back into original password):
plaintextpassword->encryptionkey->encryptedpassword
encryptedpassword->encryptionkey->plaintextpassword

Hashing (supposedly one way):
plaintextpassword->hashedpassword+anyextrastuffyouwanttoaddinlikesalt->finalhashedpassword
finalhashedpassword->nowaytogetfinalhashedpasswordinplaintextunlessyoualreadyknowwhattheplaintextpasswordisalready

The only way to get the password would be to come up with the plain text equivalent of the hashed value, even if you do not have the original there is a change that you might come into another plaintext value that has the same hash eventually.

When I come across an unsalted, non-hashed plaintext password...I'm frankly staggered.

_________________
Disclaimer: I am no longer employed by Linode; opinions are my own alone.

I just say ..... keeps me employed

_________________

Where "Thought Crime" is commited
http://www.rejecttheherd.net

Exactly, storing plain text passwords is completely irresponsible. I also feel that sotoring encrypted passwords should be avoided if at all possible (they can still be compromised if the key leaks and the administrator still has access to all his users' passwords).

Hashed and salted with sha1 or better is the way to go. And make sure you use a unique salt for each password, otherwise the purpose of the salt will be defeated.