On Aug 27, 2004, at 2:29 PM, Jeremy Kister wrote:
Here's a patch I'm adding to vpopmail to fall back to using a non-MD5
salt if the host's crypt() doesn't handle MD5.
+ if (tmpstr[2] != '$') {

I know less than nothing about C, but shouldnt that be: 'if (tmpstr[0] ==
'$') {' ?

In an MD5-encrypted password, the salt will start with $1$. If you push that salt into a DES-encrypted password, it will only use the first two characters (and the third will become something other than $).

So, the test tells you that what you thought would be an MD5-encrypted password was actually DES-encrypted.

A compile-time test is a good idea though -- I'll try to add it as a Feature Request on SourceForge so we don't forget about it. If you have a SF account, feel free to make the request yourself.

Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
Info on the Sniffter hand-held Network Tester: http://sniffter.com/

Reply via email to