On 5/1/20 1:55 PM, Loren Wilton wrote:
> You should be able to catch these with a single custom rule along the lines of
>
> header    STOLEN_PASSWORD    Subject    =~ /old_password/
> score    STOLEN_PASSWORD    10

I'd pondered doing such.

But I dislike the fact that the (compromised) password is stored in clear text and wonder about collision with other people using the same password (or strings of characters).

Is there any way to compare hashed strings of text? E.g. take each word from a message (header or body), hash it and look for a match of the hashed password?

I feel like storing any password in clear text, previously compromised or not, is a Bad Idea™.

I would also want to have some way to associate the (hashed) password with a specific account to avoid collisions for other accounts that might not have been compromised.

I don't know if it would be able to create the granularity that I want with a meta-rule. Something that matches the account name (or some other similar identifier) and then checks the hashed password.

I also don't know that I would want the overhead of hashing every word in messages unless they were otherwise suspicious enough to warrant such in-depth scrutiny.

Note: Everywhere I say "hash", I would really like to see salted and hashed.



--
Grant. . . .
unix || die
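The approach Grant sketches above (tokenize the message, hash each token with a per-account salt, compare against a stored digest that is tied to a specific account) can be tried out stand-alone. The following is an added illustration, not code from the thread or a SpamAssassin plugin; the record store, the recipient-address lookup, the salt value and the sample message are all constructed for the example. The lookup is keyed on the recipient address so that a message to someone with no record is never hashed at all, which is what keeps two users who happen to share a password string from colliding.

```python
import hashlib
import hmac
import re
from email import message_from_string
from email.message import Message
from email.utils import getaddresses


def make_record(password: str, salt: bytes) -> tuple:
    """Salted hash of a known-compromised password, stored as (salt, digest).

    The salt should be random per account (secrets.token_bytes(16)); a fixed
    value is passed in here only so the example is reproducible.
    """
    digest = hmac.new(salt, password.encode("utf-8"), hashlib.sha256).digest()
    return (salt, digest)


_TOKEN_RE = re.compile(r"\S+")
_EDGE_PUNCT = ".,;:!?\"'`()[]{}<>"


def candidate_tokens(text: str):
    """Yield whitespace-separated tokens, plus each token with edge punctuation stripped,
    so that 'hunter2.' or '(hunter2)' still compares equal to the stored password."""
    for tok in _TOKEN_RE.findall(text):
        yield tok
        bare = tok.strip(_EDGE_PUNCT)
        if bare and bare != tok:
            yield bare


def message_text(msg: Message) -> str:
    """Concatenate the decoded text/plain parts of a message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True)
            if payload:
                parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def recipient_addresses(msg: Message) -> list:
    """Lower-cased addresses from To: and Cc:, used as the account identifier."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return [addr.lower() for _, addr in getaddresses(headers) if addr]


def scan_for_compromised_password(raw_message: str, records: dict) -> list:
    """Return [(account, field), ...] for every recipient whose stored digest
    matches a token in the Subject header or the body.

    records maps recipient address -> (salt, digest) as produced by make_record.
    Only the records belonging to the message's own recipients are ever checked.
    """
    msg = message_from_string(raw_message)
    hits = []
    for addr in recipient_addresses(msg):
        rec = records.get(addr)
        if rec is None:
            continue  # no record for this recipient: nothing to hash, no collision possible
        salt, digest = rec
        fields = (("Subject", msg.get("Subject", "")), ("body", message_text(msg)))
        for field, text in fields:
            for tok in candidate_tokens(text):
                h = hmac.new(salt, tok.encode("utf-8"), hashlib.sha256).digest()
                if hmac.compare_digest(h, digest):
                    hits.append((addr, field))
                    break  # one hit per field is enough
    return hits


# Constructed sample data: a fixed salt, one compromised account, and an extortion-style
# message that quotes the leaked password in both the Subject and the body.
SAMPLE_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
RECORDS = {"grant@example.test": make_record("hunter2-example", SAMPLE_SALT)}

SAMPLE_MESSAGE = """\
From: sender@example.invalid
To: Grant <grant@example.test>
Subject: Your password is hunter2-example
Content-Type: text/plain; charset=utf-8

I know your password (hunter2-example). Pay now.
"""

# Same text, but addressed to someone with no record: must not match.
OTHER_RECIPIENT_MESSAGE = SAMPLE_MESSAGE.replace("grant@example.test", "someone@example.test")

if __name__ == "__main__":
    print(scan_for_compromised_password(SAMPLE_MESSAGE, RECORDS))
    print(scan_for_compromised_password(OTHER_RECIPIENT_MESSAGE, RECORDS))
```

Two points worth noting about the design. Because the salt has to sit next to the digest, a fast hash like the one above still lets anyone who obtains the record file guess weak passwords offline; a slow KDF, or keying the HMAC with a secret that is not stored in the record file, closes that gap at the cost of making every token comparison slower. That cost is also why the per-recipient gating matters in practice: it is the only thing that keeps the scan from hashing every word of every message against every stored record, which is the overhead concern raised above.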
