Re: [vchkpw] Password format?

2005-08-18 Thread Ken Jones

David Erickson wrote:

Hi we are using vpopmail 5.4.6 with mysql for virtual domains.  I was trying
to look at the source for how the passwords are crypted, I'm new to this but
it looked like they are encrypted (with salt) md5 hashes?  I was wondering
if there is anyway to convert them to a normal md5 digest for use in other
programs?


It uses the standard unix crypt() function call.
Most systems now days use MD5 so the password should
start with a $1$

Ken Jones



RE: [vchkpw] Password format?

2005-08-18 Thread David Erickson
So since it uses crypt, which isn't md5, there is no way for me to convert
it to an md5.  I guess the best thing to do then is just to store the pw's
as plain text, then convert them to whatever I need to, to operate with my
other systems?  Or is there a patch to have vpopmail store them as md5's?

-David

 -Original Message-
 From: Ken Jones [mailto:[EMAIL PROTECTED]
 Sent: Thursday, August 18, 2005 2:56 PM
 To: vchkpw@inter7.com
 Subject: Re: [vchkpw] Password format?
 
 David Erickson wrote:
  Hi we are using vpopmail 5.4.6 with mysql for virtual domains.  I was
 trying
  to look at the source for how the passwords are crypted, I'm new to this
 but
  it looked like they are encrypted (with salt) md5 hashes?  I was
 wondering
  if there is anyway to convert them to a normal md5 digest for use in
 other
  programs?
 
 It uses the standard unix crypt() function call.
 Most systems now days use MD5 so the password should
 start with a $1$
 
 Ken Jones
 
 --
 No virus found in this incoming message.
 Checked by AVG Anti-Virus.
 Version: 7.0.338 / Virus Database: 267.10.12/77 - Release Date: 8/18/2005
 



Re: [vchkpw] Password format?

2005-08-18 Thread Ken Jones

David Erickson wrote:

So since it uses crypt, which isn't md5, there is no way for me to convert
it to an md5.  I guess the best thing to do then is just to store the pw's
as plain text, then convert them to whatever I need to, to operate with my
other systems?  Or is there a patch to have vpopmail store them as md5's?



Right, crypt uses DES. I had that confused with MD5.
For the smtp auth, that requires MD5, we store the clear text password.

I'm not aware of anyone who's written code to use MD5 encrypted passwords.

Ken


-David



-Original Message-
From: Ken Jones [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 18, 2005 2:56 PM
To: vchkpw@inter7.com
Subject: Re: [vchkpw] Password format?

David Erickson wrote:


Hi we are using vpopmail 5.4.6 with mysql for virtual domains.  I was


trying


to look at the source for how the passwords are crypted, I'm new to this


but


it looked like they are encrypted (with salt) md5 hashes?  I was


wondering


if there is anyway to convert them to a normal md5 digest for use in


other


programs?


It uses the standard unix crypt() function call.
Most systems now days use MD5 so the password should
start with a $1$

Ken Jones

--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.338 / Virus Database: 267.10.12/77 - Release Date: 8/18/2005








Re: [vchkpw] Password format?

2005-08-18 Thread Rick Macdougall

Ken Jones wrote:


David Erickson wrote:

So since it uses crypt, which isn't md5, there is no way for me to 
convert
it to an md5.  I guess the best thing to do then is just to store the 
pw's
as plain text, then convert them to whatever I need to, to operate 
with my
other systems?  Or is there a patch to have vpopmail store them as 
md5's?




Right, crypt uses DES. I had that confused with MD5.
For the smtp auth, that requires MD5, we store the clear text password.

I'm not aware of anyone who's written code to use MD5 encrypted 
passwords.


E,

The old crypt function used DES, the new crypt function uses MD5.  
Vpopmail will authenticate against either type stored in the vpasswd 
file (or mysql table).


It can do this because all MD5 encrypted passwords start with $1$, if it 
doesn't then it's the old DES standard.


Now the question that was originally asked I believe was if the MD5 
encrypted passwords are compatible with an MD5 hash.  My answer is I 
don't know :)  A quick test would be to take an MD5 encrypted password 
from vpopmail, strip off the $1$ and use that as your comparison against 
a standard MD5 hash.


Regards,

Rick



Re: [vchkpw] Password format?

2005-08-18 Thread Tom Collins

On Aug 18, 2005, at 3:53 PM, Rick Macdougall wrote:
Now the question that was originally asked I believe was if the MD5 
encrypted passwords are compatible with an MD5 hash.  My answer is I 
don't know :)  A quick test would be to take an MD5 encrypted password 
from vpopmail, strip off the $1$ and use that as your comparison 
against a standard MD5 hash.


I don't know about an MD5 hash in other programs, but CRAM-MD5 for SMTP 
AUTH incorporates different information (the challenge) into the hash 
each time, so you need to have the cleartext password.


If you turn on cleartext passwords and password learning, if a user 
authenticates with their cleartext password (typically pop3), vpopmail 
can learn it and add it to the database.


--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
You don't need a laptop to troubleshoot high-speed Internet: 
sniffter.com