Re: [vchkpw] Password format?
On Aug 18, 2005, at 3:53 PM, Rick Macdougall wrote: Now the question that was originally asked I believe was if the MD5 encrypted passwords are compatible with an MD5 hash. My answer is I don't know :) A quick test would be to take an MD5 encrypted password from vpopmail, strip off the $1$ and use that as your comparison against a standard MD5 hash. I don't know about an MD5 hash in other programs, but CRAM-MD5 for SMTP AUTH incorporates different information (the challenge) into the hash each time, so you need to have the cleartext password. If you turn on cleartext passwords and password learning, if a user authenticates with their cleartext password (typically pop3), vpopmail can learn it and add it to the database. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ You don't need a laptop to troubleshoot high-speed Internet: sniffter.com
Re: [vchkpw] Password format?
Ken Jones wrote: David Erickson wrote: So since it uses crypt, which isn't md5, there is no way for me to convert it to an md5. I guess the best thing to do then is just to store the pw's as plain text, then convert them to whatever I need to, to operate with my other systems? Or is there a patch to have vpopmail store them as md5's? Right, crypt uses DES. I had that confused with MD5. For the smtp auth, that requires MD5, we store the clear text password. I'm not aware of anyone who's written code to use MD5 encrypted passwords. E, The old crypt function used DES, the new crypt function uses MD5. Vpopmail will authenticate against either type stored in the vpasswd file (or mysql table). It can do this because all MD5 encrypted passwords start with $1$, if it doesn't then it's the old DES standard. Now the question that was originally asked I believe was if the MD5 encrypted passwords are compatible with an MD5 hash. My answer is I don't know :) A quick test would be to take an MD5 encrypted password from vpopmail, strip off the $1$ and use that as your comparison against a standard MD5 hash. Regards, Rick
Re: [vchkpw] Password format?
David Erickson wrote: So since it uses crypt, which isn't md5, there is no way for me to convert it to an md5. I guess the best thing to do then is just to store the pw's as plain text, then convert them to whatever I need to, to operate with my other systems? Or is there a patch to have vpopmail store them as md5's? Right, crypt uses DES. I had that confused with MD5. For the smtp auth, that requires MD5, we store the clear text password. I'm not aware of anyone who's written code to use MD5 encrypted passwords. Ken -David -Original Message- From: Ken Jones [mailto:[EMAIL PROTECTED] Sent: Thursday, August 18, 2005 2:56 PM To: vchkpw@inter7.com Subject: Re: [vchkpw] Password format? David Erickson wrote: Hi we are using vpopmail 5.4.6 with mysql for virtual domains. I was trying to look at the source for how the passwords are crypted, I'm new to this but it looked like they are encrypted (with salt) md5 hashes? I was wondering if there is anyway to convert them to a normal md5 digest for use in other programs? It uses the standard unix crypt() function call. Most systems now days use MD5 so the password should start with a $1$ Ken Jones -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.338 / Virus Database: 267.10.12/77 - Release Date: 8/18/2005
RE: [vchkpw] Password format?
So since it uses crypt, which isn't md5, there is no way for me to convert it to an md5. I guess the best thing to do then is just to store the pw's as plain text, then convert them to whatever I need to, to operate with my other systems? Or is there a patch to have vpopmail store them as md5's? -David > -Original Message- > From: Ken Jones [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 18, 2005 2:56 PM > To: vchkpw@inter7.com > Subject: Re: [vchkpw] Password format? > > David Erickson wrote: > > Hi we are using vpopmail 5.4.6 with mysql for virtual domains. I was > trying > > to look at the source for how the passwords are crypted, I'm new to this > but > > it looked like they are encrypted (with salt) md5 hashes? I was > wondering > > if there is anyway to convert them to a normal md5 digest for use in > other > > programs? > > It uses the standard unix crypt() function call. > Most systems now days use MD5 so the password should > start with a $1$ > > Ken Jones > > -- > No virus found in this incoming message. > Checked by AVG Anti-Virus. > Version: 7.0.338 / Virus Database: 267.10.12/77 - Release Date: 8/18/2005 >
Re: [vchkpw] Password format?
David Erickson wrote: Hi we are using vpopmail 5.4.6 with mysql for virtual domains. I was trying to look at the source for how the passwords are crypted, I'm new to this but it looked like they are encrypted (with salt) md5 hashes? I was wondering if there is anyway to convert them to a normal md5 digest for use in other programs? It uses the standard unix crypt() function call. Most systems now days use MD5 so the password should start with a $1$ Ken Jones