On 2010.05.18 06:01, Mihamina Rakotomandimby wrote:
>> Sam Varshavchik <[email protected]> :
>>> - the POP or IMAP server crypt()'s the user entered password
>>> - the POP or IMAP server compares crypt()'d ones and gives his
>>> response
>> This is a correct description.
>
> I read that crypt() requires a "salt".
> crypt() is called:
> encrypted_pass = crypt("a_salt", "the_clear_pass")
>
> If "a_salt" or "the_clear_pass" is different, the "encrypted_pass" will
> be different.
>
> Therefore, the salt used to initially encrypt the password must be the
> same as the one used to generate the user entered one.
>
> How do they use the same salt?
>
The salt is present in the encrypted password:
- first two characters if traditional crypt(3) is used
- text between 2nd and 3rd $ if md5 or sha schemas are used

So, if we have an encrypted password to compare against, we take the required
part of this crypted password and use this part as a salt to encrypt the clear
text password.

-- 
Aidas Kasparas
IT administrator
GM Consult Group, UAB
+370 686 08473
http://www.gmc.lt
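Added example, not part of the original post and not Courier's code: a sketch of the salt recovery and re-hash comparison described in the reply above. `toy_crypt` is a hypothetical stand-in for crypt(3) (salted SHA-256, not a real crypt scheme) so the flow runs offline; the `$toy$` id and all sample hashes are constructed, and the `rounds=` handling goes beyond the two cases named in the post.

```python
import hashlib
import hmac


def split_salt(stored):
    """Return (setting, salt): the prefix of a stored hash that is fed back
    to the hash function, and the salt contained in that prefix."""
    if not stored.startswith("$"):
        # Traditional crypt(3): the salt is the first two characters.
        if len(stored) < 2:
            raise ValueError("too short for a traditional crypt hash")
        return stored[:2], stored[:2]
    # Modular format $id$salt$hash: salt is the text between 2nd and 3rd '$'.
    fields = stored.split("$")  # ['', id, salt, hash]
    if len(fields) < 3 or not fields[1]:
        raise ValueError("malformed modular crypt hash")
    # SHA schemes may put "rounds=N" before the salt: $5$rounds=N$salt$hash
    i = 3 if fields[2].startswith("rounds=") and len(fields) > 3 else 2
    return "$".join(fields[:i + 1]) + "$", fields[i]


def toy_crypt(key, setting):
    """Hypothetical stand-in for crypt(3), same argument order (key, then
    salt/setting). Like crypt(3), it accepts a whole stored hash as the
    setting and reads only the salt portion of it."""
    prefix, salt = split_salt(setting)
    return prefix + hashlib.sha256((salt + key).encode()).hexdigest()[:22]


def check_password(entered, stored):
    """Re-hash the entered password with the salt taken from the stored
    hash, then compare the two strings in constant time."""
    try:
        candidate = toy_crypt(entered, stored)
    except ValueError:
        return False  # a malformed stored hash never authenticates
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Enrolment: the salt is chosen once and ends up inside the stored value.
    stored = toy_crypt("s3cret", "$toy$Zx81kQ$")  # constructed sample
    print(stored, split_salt(stored))
    print(check_password("s3cret", stored), check_password("wrong", stored))
```
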
