Encrypt Email passwords even for root

[TorbHo]

Is it somehow possible to encrypt email passwords, so that even an user with root access cannot access them.
At the moment root-users can see them with

/usr/local/psa/admin/sbin/mail_auth_view

If it is not possible, can we make it somehow harder to view the passwords?

Our intention is to give our customers a better feeling of security, as some of them still use the same password for different platforms.

 

[UFHH01]

Hi TorbenH,

as far that I know, this feature is hardcoded in encrypted Plesk files, so you won't be able to change that.

 

[B4c4rd1]

You should better ensure that no other root access is obtained. Linux automatically assumes that the user root knows exactly what it is doing and with this user it does not require any restrictions. Root remains root. This is not Windows!

 

[TorbHo]

You should better ensure that no other root access is obtained. Linux automatically assumes that the user root knows exactly what it is doing and with this user it does not require any restrictions. Root remains root. This is not Windows!

That is not the point. We and our customers don't like the idea that anyone, no matter if user, admin or root could see passwords in plain text.

Any password should be saved in database encrypted and irretrievably.

 

[UFHH01]

Hi TorbenH,

pls. feel free to add a feature request at: => Feature Suggestions: Top (1470 ideas) – Your Ideas for Plesk , where you are able to describe your desires and the buisiness case.

 

[G J Piper]

That is not the point. We and our customers don't like the idea that anyone, no matter if user, admin or root could see passwords in plain text. Any password should be saved in database encrypted and irretrievably.

Any password that can be used must be decryptable by the service that is using it. I'm not aware of anything that will allow you to have "irretrievably encrypted" passwords that still work.

 

[B_P]

Any password that can be used must be decryptable by the service that is using it. I'm not aware of anything that will allow you to have "irretrievably encrypted" passwords that still work.

Well, G J Piper, I have to disagree. What we are looking for are (one-way) cryptographic hash functions (e.g., Cryptographic hash function - Wikipedia, Password Storage Cheat Sheet - OWASP).
The idea is quite simple: When you store the password for the first time, you generate some form of hash which you store instead of the password. Now if the user wants to login, the system takes the entered password and applies the same hash function to this plaintext passwords. If the two hashes match, the password is correct.

Why would you want to use hashes instead of symmetrially encrypted passwords (that you can decrypt if you know the key)?
Well, the answer is quite simple: Many people use the same account details (e.g., e-mail address as user name, and the same password) for many other systems. Thus, if your Plesk server gets compromised, you risk that the attacker might try to use these credentials somewhere else. And if you are the administrator, you probably want to have a system where this just cannot happen...
This has been documented for many cases, e.g., symmetric key encryption vs hashing,