Date: Fri, 2 Jul 2004 10:41:46 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Frank Altpeter <frank@altpeter.de>, freebsd-questions@freebsd.org Subject: Re: Converting crypted passwords Message-ID: <20040702094146.GB83255@happy-idiot-talk.infracaninophile.co.uk> In-Reply-To: <20040702083214.GA26226@murphy.planlos.de> References: <20040702083214.GA26226@murphy.planlos.de>
next in thread | previous in thread | raw e-mail | index | archive | help
--NMuMz9nt05w80d4+
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Jul 02, 2004 at 10:32:14AM +0200, Frank Altpeter wrote:
> Given is a system with md5 style passwords like that:
>=20
> $1$d61CkkOZ$BE/TofmL5h9gtfxKI6Vcy1
>=20
> (This can be generated by "openssl passwd -1 -salt d61CkkOZ test")
>=20
> Without knowing the password, i need to convert it to base64 encoded
> binary md5 digest style for using with ProFTP+mod_sql:
>=20
> {md5}CY9rzUYh03PK3k6DJie09g=3D=3D
>=20
> (This can be generated by "printf '{md5}' ; printf 'test' | openssl dgst =
-binary -md5 | openssl enc -base64").
>=20
>=20
> The problem i have to solve is, how to convert the first encryption
> type into the second encryption type without having the plaintext
> password in between.
I don't think that's actually possible without knowing the plaintext
of the password. Besides, the standard system password is the md5
hash of a different quantity to the other md5 hash -- since the system
md5 password style includes that extra random salt and the other
apparently doesn't. That means that one encrypts 'salt + password'
and the other encrypts just 'password', so there isn't some sort of
mechanical format translation you can do to go from one to the other.
One alternative you might want to look at is if ProFTP+mod_sql
supports a {crypt} style of password. Now, that will probably default
to the old style DES password crypttext, but supposing that it passes
everything through to the system crypt(3) function, you might just be
able to use an md5 style crypt in there, which you can simply
cut'n'paste from the master.passwd file. You'll have to experiment.
Cheers,
Matthew=09
--=20
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
--NMuMz9nt05w80d4+
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQFA5S3aiD657aJF7eIRAupOAKCn+gGl2fj8xqh/Cnkz/FGRf7S7ewCgmzgw
DcIHP7+PQx4i/Tv6Gzr9iLs=
=uA/L
-----END PGP SIGNATURE-----
--NMuMz9nt05w80d4+--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040702094146.GB83255>