SIGNUP_ENCRYPT_PASSWORDS
Platforms
All
Abstract
Boolean value determining whether or not personal LISTSERV passwords are encrypted in the SIGNUP files. Available in and turned ON by default starting with 15.5. SEE NOTE AND DOCUMENTED RESTRICTION, BELOW.
Example
z/VM: |
SIGNUP_ENCRYPT_PASSWORDS = 0 |
Unix: |
SIGNUP_ENCRYPT_PASSWORDS=0 export SIGNUP_ENCRYPT_PASSWORDS |
Windows: |
SIGNUP_ENCRYPT_PASSWORDS=0 |
Details
LISTSERV supports (and has enabled by default) password encryption for its SIGNUP files.
In LISTSERV 16.5 and following, all new LISTSERV password records are generated with 256-bit SHA-2 hashing and strong random-number generation (cryptographic RNG) by default. Login tickets are also now generated using cryptographic RNG.
Notes: Existing passwords hashed with SHA-1 will not be rehashed with SHA-2 unless and until the user changes his or her password. This is because LISTSERV does not have the password available to rehash – it stores only the hash itself. The use of SHA-2 family hash functions is recommended for US federal agencies by NIST (see NIST Special Publication 800-131A Revision 2, which is the current version of NIST's guidance as of the release of this document). Once implemented, SHA-2 hashing cannot be reversed, but all LISTSERV versions since 16.0-2014a understand both SHA-1 and SHA-2 hashes. |
DOCUMENTED RESTRICTION FOR LISTSERV PRIOR TO VERSION 15.5: Upgrading an older server to the current version of LISTSERV will encrypt the passwords in your SIGNUP files, which is not backward-compatible with earlier versions of LISTSERV. If you are upgrading to the current version from an earlier version, it is STRONGLY RECOMMENDED that you make a full backup of your LISTSERV installation before upgrading, OR that you disable this feature in your site configuration file BEFORE you upgrade to the current version if you believe that you may have to roll back to the earlier version. (Earlier versions of LISTSERV will simply ignore the setting at start time, so it is safe to do this.) |
Password encryption can be disabled by setting the site configuration variable SIGNUP_ENCRYPT_PASSWORDS (Boolean) to 0. This can be done prior to upgrading, if desired.
When SIGNUP_ENCRYPT_PASSWORDS is set to 0, everything works as before - passwords are kept in plain text, they can be queried with PWC QUERY, and so forth.
When SIGNUP_ENCRYPT_PASSWORDS is set to 1, all SIGNUP entries with a password will be irreversibly encrypted. Newly created passwords will be encrypted, and PWC QUERY will still work, but it will no longer tell you what the password is. The initial encryption process happens as part of the regular SIGNUP file compression. If you have a lot of passwords, then the initial compression will take a bit longer to complete.
If you then return to SIGNUP_ENCRYPT_PASSWORDS=0, encrypted passwords will continue to work and PWC QUERY will continue to not show them, while passwords created after disabling encryption will be in plain text, and PWC QUERY will show them to you. There is no way to recover the one-way encrypted passwords. Either the user must use PW REP or the LISTSERV administrator must use PWC REP and change the password if it is lost.
Tip: L-Soft suggests that best modern practice is to encrypt passwords by default, and for users to use the PW REP command to reset and change their personal LISTSERV password if the need arises. There is no longer any reason for LISTSERV administrators to be able to access (with PWC QUERY) users' personal passwords in any case, given that it is simple for users to change them, and has been for many years. |
Default Value
1, that is, enabled.