[qmailadmin] Password encryption
I am still unable to determine how my mail server is encrypting passwords. An example encrypted password is: $1$AaAkCUIr$tq.YJ2hHJDQ56Zbgg83eh1 I need to be able to query the mysql db to authenticate the user via the encrypted password above. Please help Thanks Robert
Re: [qmailadmin] Password encryption
- Original Message - From: [EMAIL PROTECTED] I am still unable to determine how my mail server is encrypting passwords. An example encrypted password is: $1$AaAkCUIr$tq.YJ2hHJDQ56Zbgg83eh1 I need to be able to query the mysql db to authenticate the user via the encrypted password above. Please help I have compiled some information on this subject here : http://www.pipeline.com.au/staff/mbowe/isp/webmail-server.htm#CREATE_MAILBOX_VIA_SQL Michael.
Re: [qmailadmin] Password encryption
On Friday 10 December 2004 07:24 pm, [EMAIL PROTECTED] wrote: Thanks for the reply, the problem though is if you crypt the current password it does not turn out like the encrypted password above. I get different results when using the function from the link you provided. This is the password I get when I encrypt the same password in the original email: $1$34201110$1qOlP6BW44jKvA66l7q7F0 and if I refresh it: $1$20202818$O9l6HCdGD19SqriwI8F4k0 right, it uses a different randomly generated hash to encrypt the password with, that way passwords that are the same do not have the same encrypted value. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED] pgpbBOWpkU6fS.pgp Description: PGP signature
Re: [qmailadmin] Password encryption
Hmm. Interesting, I changed the password in mysql and the old password still works. I even made it blank, it still authenticates me correctly. Every account I create shows up in mysql table, am I doing something wrong? Do I have to update password in 2 places? Robert Thanks for the reply, the problem though is if you crypt the current password it does not turn out like the encrypted password above. I get different results when using the function from the link you provided. This is the password I get when I encrypt the same password in the original email: $1$34201110$1qOlP6BW44jKvA66l7q7F0 and if I refresh it: $1$20202818$O9l6HCdGD19SqriwI8F4k0 Any ideas? Thanks Robert - Original Message - From: [EMAIL PROTECTED] I am still unable to determine how my mail server is encrypting passwords. An example encrypted password is: $1$AaAkCUIr$tq.YJ2hHJDQ56Zbgg83eh1 I need to be able to query the mysql db to authenticate the user via the encrypted password above. Please help I have compiled some information on this subject here : http://www.pipeline.com.au/staff/mbowe/isp/webmail-server.htm#CREATE_MAILBOX_VIA_SQL Michael.
Re: [qmailadmin] Password encryption
[EMAIL PROTECTED] wrote: I am still unable to determine how my mail server is encrypting passwords. An example encrypted password is: $1$AaAkCUIr$tq.YJ2hHJDQ56Zbgg83eh1 I need to be able to query the mysql db to authenticate the user via the encrypted password above. Please help crypt() with md5
Re: [qmailadmin] Password encryption
On Dec 10, 2004, at 5:24 PM, [EMAIL PROTECTED] wrote: Thanks for the reply, the problem though is if you crypt the current password it does not turn out like the encrypted password above. I get different results when using the function from the link you provided. This is the password I get when I encrypt the same password in the original email: $1$34201110$1qOlP6BW44jKvA66l7q7F0 and if I refresh it: $1$20202818$O9l6HCdGD19SqriwI8F4k0 That's expected. The first 11 (or so) characters are random data called the salt. The actual password (encoded using the salt) appears after the salt. This is done to make it more difficult to build a dictionary of encrypted passwords. Any given cleartext password can have a large number of possible encrypted versions. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
