diff --git a/Security-implementation.md b/Security-implementation.md index aac2eeb..842d6bd 100644 --- a/Security-implementation.md +++ b/Security-implementation.md @@ -4,13 +4,13 @@ User password is hashed with bcrypt, using 12 rounds. Password is stored in the ## 2FA -Wild Duck generates random TOTP seed tokens. These are encrypted (aes192) on storage with an application configured master password. Encrypted TOTP seed is stored in the user entry in the users database. +Wild Duck generates random TOTP seed tokens. These are encrypted (using "aes192" cipher by default) with a master password configured in application settings. Encrypted TOTP seed is stored in the user entry in the users database. -If 2FA is enabled then account password can only be used for the "master" scope but not for IMAP, POP3 or SMTP. In these cases the user must generate an Application Specific Password for the required scope(s). +If 2FA is enabled then account password can only be used for the "master" scope but not for IMAP, POP3 or SMTP scopes. In these cases the user must generate an Application Specific Password for the required scope(s). ## Application Specific Passwords -Application Specific Passwords are 16 byte random strings, consisting of lowercase latin characters. ASPs are stored as asp entries in the users database. +Application Specific Passwords are 16 byte strings, consisting of lowercase random latin characters. ASPs are stored as separate *asp* entries in the users database. ASPs are hashed with bcrypt, using 12 rounds. Additionally the 4 first symbols of the ASP are hashed with md5. This is needed to detect potential ASPs when authenticating (user password is compared against only these ASPs that have a matching md5 hash of the 4 first characters). 
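Review bot: in the Application Specific Passwords paragraph, moving "random" so the line reads "16 byte strings, consisting of lowercase random latin characters" makes it sound as if the alphabet were random rather than the string; keep the original order ("16 byte random strings, consisting of lowercase latin characters") or say "16 random lowercase latin characters". In the 2FA paragraph, changing "(aes192)" to "(using "aes192" cipher by default)" implies the cipher is configurable, so the setting that overrides it should be named next to the master password setting, otherwise drop "by default". Since the unchanged context line states that the first 4 characters of each ASP are stored as an md5 hash for lookup, it would also help readers to state that those 4 characters are effectively stored in the clear (26^4 candidates are trivially enumerated) and that only the remaining 12 characters are protected by bcrypt.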
@@ -18,12 +18,12 @@ ASPs have a scope set (an array of strings). When authenticating then the authen ## Authentication rate limiting -Both password and TOTP checks are rate limited. By default it is allowed to make 5 invalid password authentications in 60 seconds until the account is locked for the rest of the 60 second window. TOTP checks are counted separately, there are allowed 6 invalid checks in 180 second window. Successful authentication clears rate limiting values for that account. +Both password and TOTP checks are rate limited. By default it is allowed to make 5 invalid password authentications in 60 seconds until the account is locked for the rest of the 60 second time window. TOTP checks are counted separately, there are allowed 6 invalid checks in 180 second window. Successful authentication clears rate limiting values for that account. Time window starts from the first failed authentication attempt. ## PGP -Wild Duck is able to encrypt all added messages with users public PGP key, this includes messages received via LMTP, messages uploaded from IMAP (Drafts, Sent Mail) and messages uploaded by the MSA. +Wild Duck is able to encrypt all added messages with users public PGP key, this includes messages received via LMTP, messages uploaded from IMAP (Drafts, Sent Mail etc.) and messages uploaded by the MSA (if using zonemta-wildduck). ## Auditing -All authentication related events (this also includes modifications in authentication information) are logged and logs are kept for 30 days. Authentication event includes action (eg. "authentication", result (eg. "success"), IP address and a few other values. \ No newline at end of file +All authentication related events (this also includes modifications in authentication information) are logged and logs are kept for 30 days. Authentication event includes action (eg. "authentication"), result (eg. "success"), IP address and a few other values. \ No newline at end of file
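Review bot: the new sentence "Time window starts from the first failed authentication attempt." in the rate limiting paragraph leaves it unclear whether it applies to both the 60 second password window and the 180 second TOTP window, and whether the window is fixed (reset when it expires) or sliding; say so explicitly, e.g. "Both windows are fixed and start from the first failed attempt of that type." The preceding sentence still reads "there are allowed 6 invalid checks in 180 second window"; while touching this line, rephrase to "6 invalid checks are allowed in a 180 second window" and state that a successful authentication clears both counters, since "clears rate limiting values" is ambiguous. In the PGP paragraph, "users public PGP key" should be "user's public PGP key" now that the line is edited anyway.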