Security implementation

Andris Reinman edited this page Aug 7, 2017 · 7 revisions

Passwords

The user password is hashed with bcrypt using 12 rounds. The resulting hash is stored in the user entry in the users database.

2FA

Wild Duck generates random TOTP seed tokens. Before storage they are encrypted with aes192 using an application-configured master password. The encrypted TOTP seed is stored in the user entry in the users database.

If 2FA is enabled, the account password can only be used for the "master" scope and not for IMAP, POP3 or SMTP. For those protocols the user must generate an Application Specific Password for the required scope(s).

Application Specific Passwords

Application Specific Passwords (ASPs) are 16-byte random strings consisting of lowercase latin characters. ASPs are stored as asp entries in the users database.

ASPs are hashed with bcrypt using 12 rounds. Additionally, the first 4 characters of the ASP are hashed with md5. This is used to narrow down candidate ASPs when authenticating: the supplied password is compared (with bcrypt) only against those ASPs whose md5 hash of the first 4 characters matches.

ASPs have a scope set (an array of strings). Authentication succeeds only if the requested scope is in that set. An ASP can never be used for the "master" scope; that scope is reserved for the account password.

Authentication rate limiting

Both password and TOTP checks are rate limited. By default, 5 invalid password authentications are allowed within 60 seconds; after that the account is locked for the rest of the 60-second window. TOTP checks are counted separately: 6 invalid checks are allowed in a 180-second window. A successful authentication clears the rate-limiting counters for that account.

PGP

Wild Duck can encrypt all added messages with the user's public PGP key. This includes messages received via LMTP, messages uploaded via IMAP (Drafts, Sent Mail) and messages uploaded by the MSA.