On Thu, Oct 07, 2004 at 01:29:29PM -0300, Bruno Negr�o wrote: > >No, it wouldn't because MD5 (as well as SHA and others) is a one-way > >encryption, that means it just makes a (almost) unique string out of an > >input string. There's no way to decrypt that hash back into the input > >string (if we leave out a brute-force attack, which is always possible). > >If you use MD5 passwords, the password will be encrypted once and written > >to the directory, and when you try to login, the password you try to > >login with will be encrypted also and the two encrypted MD5-hashes will > >be compared - if they're equal, your login is correct - without ever > >using the cleartext password. > > Hi Philipp, thank you very much for this explanation. > > And which is the utility you use to create the MD5 encrypted string? Does > your operating system provide a command for this? >
You can use "digest" that comes with the qmail-ldap patch. Normaly you find it in /var/qmail/bin/digest. -- :wq Claudio
