Re: [vchkpw] UPGRADE to MD5 encryption
On Wednesday 10 September 2003 1:14 pm, Mike Miller wrote: Wondering if someone can answer this for me. I've got maybe 100 domains thus yet using crypt() encryption for passwords, as well as storing clear text [for CRAM-MD5 encryption requiring the password]. If I just install VPOPMAIL with MD5 support, will it detect which domains are crypt and which are MD5? Yes. The crypt() function does that automatically. Some of my domains don't have clear text passwords because they haven't changed them since before I started saving them. Will a simple upgrade make all new passwords MD5 and existing passwords crypt for a slow migration? as passwords get updated? I want to be able to use both at the same time. I have tested that when we first added support to generate MD5 passwords. I tested it against a domain that had both DES and MD5. As far as I know, smtp auth with cram-md5 requires the clear text password. Ken Jones Thoughts? -Mike _ The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail
Re: [vchkpw] UPGRADE to MD5 encryption
On Wed, 10 Sep 2003, Ken Jones wrote: On Wednesday 10 September 2003 1:14 pm, Mike Miller wrote: Wondering if someone can answer this for me. I've got maybe 100 domains thus yet using crypt() encryption for passwords, as well as storing clear text [for CRAM-MD5 encryption requiring the password]. If I just install VPOPMAIL with MD5 support, will it detect which domains are crypt and which are MD5? Yes. The crypt() function does that automatically. This is also somewhat OS dependant. The *BSDs for example have a crypt() that can handle DES, MD5, and Blowfish. I'm successfully using Blowfish (accounts were system account users from OpenBSD) after making the pw_passwd field larger in mysql. Some OSes have a config file for crypt() that will set the default encryption method. man 3 crypt should give some indication of how your OS will behave. Charles Some of my domains don't have clear text passwords because they haven't changed them since before I started saving them. Will a simple upgrade make all new passwords MD5 and existing passwords crypt for a slow migration? as passwords get updated? I want to be able to use both at the same time. I have tested that when we first added support to generate MD5 passwords. I tested it against a domain that had both DES and MD5. As far as I know, smtp auth with cram-md5 requires the clear text password. Ken Jones Thoughts? -Mike _ The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail
Re: [vchkpw] UPGRADE to MD5 encryption
it should, as the md5 holds a salt and it also defines as being MD5 with $1 in the front then $2 for the salt then $ for the rest of the md5 hash, if there isnt any detection in the src it should be added, im to hashed from last nite partying to go over the code, some 1 else do it... k thnx bye - Original Message - From: Mike Miller [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 11, 2003 6:14 AM Subject: [vchkpw] UPGRADE to MD5 encryption Wondering if someone can answer this for me. I've got maybe 100 domains thus yet using crypt() encryption for passwords, as well as storing clear text [for CRAM-MD5 encryption requiring the password]. If I just install VPOPMAIL with MD5 support, will it detect which domains are crypt and which are MD5? Some of my domains don't have clear text passwords because they haven't changed them since before I started saving them. Will a simple upgrade make all new passwords MD5 and existing passwords crypt for a slow migration? as passwords get updated? I want to be able to use both at the same time. Thoughts? -Mike _ The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail
Re: [vchkpw] UPGRADE to MD5 encryption
On Wed, 2003-09-10 at 13:30, Charles Sprickman wrote: This is also somewhat OS dependant. The *BSDs for example have a crypt() that can handle DES, MD5, and Blowfish. I'm successfully using Blowfish (accounts were system account users from OpenBSD) after making the pw_passwd field larger in mysql. Some OSes have a config file for crypt() that will set the default encryption method. man 3 crypt should give some indication of how your OS will behave. good info :) Thanks. Learn somethin new every day! -- Jeremy Kitchen Systems Administrator . Inter7 Internet Technologies, Inc. www.inter7.com 866.528.3530 toll free 847.492.0470 int'l 847.492.0632 fax GNUPG key ID: 93BDD6CE
