Friday, October 15, 2004

Telnet and IMAP4 incompatible!

Recently on the IMAP4 implementors mailing list, the creator of the IMAP4 protocol had this to say:

You can not telnet to a modern IMAP or POP3 server, since TELNET does not have session encryption to protect the confidentiality of the password.

I guess modern servers only support connections over SSL (and telnet-ssl must not count as "TELNET"), and logging in with anything other than plaintext passwords is impossible by hand. Since I do this all the time, I thought it a bit odd. I suppose Mr. Crispin simply wanted to discourage insecure logins, or perhaps he just thinks it is difficult enough to respond to, say, a Cram-MD5 challenge that it may as well be considered impossible in casual conversation.


I've had this Python utility lying around for a while; this seems like a good opportunity to share it.



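#!/usr/bin/python

import base64
import hmac
import sys

def main(args=None):
    # Usage: hmac USERNAME PASSWORD BASE64-CHALLENGE
    if args is None:
        args = sys.argv[1:]

    # CRAM-MD5 response: HMAC-MD5 keyed with the password, computed over
    # the base64-decoded server challenge, rendered as lowercase hex.
    challenge = base64.b64decode(args[2])
    response = hmac.new(args[1].encode(), challenge, 'md5').hexdigest()
    # The line sent back to the server is base64("username hexdigest").
    print(base64.b64encode((args[0] + ' ' + response).encode()).decode())

if __name__ == '__main__':
    main()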

I use it pretty frequently, since I work with IMAP4, SMTP, and POP3 servers and clients a lot, and it is generally too time consuming to use an actual client, and usually actual clients won't give me the information I want anyway. Here's an example of its usage (italics are things I send to the server, the rest is from the shell or received from the server):



exarkun@boson:~$ telnet domain.example.com 143
Trying 7.6.5.4...
Connected to domain.example.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LOGINDISABLED NAMESPACE IDLE AUTH=CRAM-MD5 STARTTLS] Twisted IMAP4rev1 Ready
01 authenticate cram-md5
+ bk04TXh3SURQSlJVNGlZbENRUkZWVmVMRXFEeEJWUzA=
^]
telnet> z

[1]+ Stopped telnet domain.example.com 143
exarkun@boson:~$ hmac username password bk04TXh3SURQSlJVNGlZbENRUkZWVmVMRXFEeEJWUzA=
eXdpR1k1V0VQdThkQ2NnSkdVS2xRTE5CQnl6cWZacWI=

exarkun@boson:~$ fg
telnet domain.example.com 143
eXdpR1k1V0VQdThkQ2NnSkdVS2xRTE5CQnl6cWZacWI=
01 OK Authentication successful
02 logout
* BYE Nice talking to you
02 OK LOGOUT successful
Connection closed by foreign host.

Perhaps telnet and IMAP4 are not as incompatible as one may otherwise have been led to believe...
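The server's half of the exchange above, as an added example that is not part of the original post or of Twisted: it checks a CRAM-MD5 response the way the utility produces it, using a constant-time comparison. The function names and the `secrets` mapping are assumptions for illustration; the sample challenge and response are the example values from RFC 2195.

```python
import base64
import binascii
import hmac

# Example exchange from RFC 2195 (user "tim", secret "tanstaaftanstaaf").
RFC_CHALLENGE = "PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+"
RFC_RESPONSE = "dGltIGI5MTNhNjAyYzdlZGE3YTQ5NWI0ZTZlNzMzNGQzODkw"

def client_response(username, password, challenge_b64):
    """What the post's utility computes: base64("username hexdigest")."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, "md5").hexdigest()
    return base64.b64encode(f"{username} {digest}".encode()).decode()

def verify_response(challenge_b64, response_b64, secrets):
    """Return the authenticated username, or None if the response is bad.

    `secrets` (hypothetical) maps username -> shared secret. CRAM-MD5 needs
    the server to hold that secret in a form it can key the HMAC with.
    """
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
        # Usernames may contain spaces; the digest is the last field.
        username, digest = decoded.rsplit(" ", 1)
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    # Unknown users still go through the HMAC so timing does not reveal them.
    secret = secrets.get(username, "\x00")
    challenge = base64.b64decode(challenge_b64)
    expected = hmac.new(secret.encode(), challenge, "md5").hexdigest()
    ok = hmac.compare_digest(expected.encode(), digest.lower().encode())
    return username if ok and username in secrets else None

if __name__ == "__main__":
    users = {"tim": "tanstaaftanstaaf"}
    print(verify_response(RFC_CHALLENGE, RFC_RESPONSE, users))
```

The challenge must be fresh for every authentication attempt and tied to the connection it was issued on; a server that reuses challenges accepts a replayed response.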

Friday, October 8, 2004

In Theory, My Ass

I hate it when people say "in theory" when they really mean "I have no idea what I'm talking about". Cut it out. Don't say "in theory" unless there is an actual theory which predicts what you are about to say. If you don't know what you're talking about, say "I don't know what I'm talking about".