From owner-freebsd-questions@FreeBSD.ORG  Fri Jul  2 09:43:45 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B1E6C16A4CF
	for <freebsd-questions@freebsd.org>;
	Fri,  2 Jul 2004 09:43:45 +0000 (GMT)
Received: from smtp.infracaninophile.co.uk
	(happy-idiot-talk.infracaninophile.co.uk [81.2.69.218])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E526243D1F
	for <freebsd-questions@freebsd.org>;
	Fri,  2 Jul 2004 09:43:44 +0000 (GMT)
	(envelope-from m.seaman@infracaninophile.co.uk)
Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [IPv6:::1])
	i629fkNC083880
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Fri, 2 Jul 2004 10:41:46 +0100 (BST)
	(envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk)
Received: (from matthew@localhost)id i629fku0083879;
	Fri, 2 Jul 2004 10:41:46 +0100 (BST)	(envelope-from matthew)
Date: Fri, 2 Jul 2004 10:41:46 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Frank Altpeter <frank@altpeter.de>, freebsd-questions@freebsd.org
Message-ID: <20040702094146.GB83255@happy-idiot-talk.infracaninophile.co.uk>
Mail-Followup-To: Matthew Seaman <m.seaman@infracaninophile.co.uk>,
	Frank Altpeter <frank@altpeter.de>, freebsd-questions@freebsd.org
References: <20040702083214.GA26226@murphy.planlos.de>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="NMuMz9nt05w80d4+"
Content-Disposition: inline
In-Reply-To: <20040702083214.GA26226@murphy.planlos.de>
User-Agent: Mutt/1.5.6i
X-Greylist: Message not sent from an IPv4 address, not delayed by
	milter-greylist-1.5.3 (smtp.infracaninophile.co.uk [0.0.0.0]); Fri, 02 Jul
	2004 10:41:46 +0100 (BST)
X-Virus-Scanned: clamd / ClamAV version devel-20040612, clamav-milter version
	0.72a	on smtp.infracaninophile.co.uk
X-Virus-Status: Clean
X-Spam-Status: No, hits=-4.8 required=5.0 tests=AWL,BAYES_00 autolearn=ham 
	version=2.63
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on 
	happy-idiot-talk.infracaninophile.co.uk
Subject: Re: Converting crypted passwords
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Jul 2004 09:43:45 -0000


--NMuMz9nt05w80d4+
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Jul 02, 2004 at 10:32:14AM +0200, Frank Altpeter wrote:


> Given is a system with md5 style passwords like that:
>=20
> $1$d61CkkOZ$BE/TofmL5h9gtfxKI6Vcy1
>=20
> (This can be generated by "openssl passwd -1 -salt d61CkkOZ test")
>=20
> Without knowing the password, i need to convert it to base64 encoded
> binary md5 digest style for using with ProFTP+mod_sql:
>=20
> {md5}CY9rzUYh03PK3k6DJie09g=3D=3D
>=20
> (This can be generated by "printf '{md5}' ; printf 'test' | openssl dgst =
-binary -md5 | openssl enc -base64").
>=20
>=20
> The problem i have to solve is, how to convert the first encryption
> type into the second encryption type without having the plaintext
> password in between.

I don't think that's actually possible without knowing the plaintext
of the password.  Besides, the standard system password is the md5
hash of a different quantity to the other md5 hash -- since the system
md5 password style includes that extra random salt and the other
apparently doesn't.  That means that one encrypts 'salt + password'
and the other encrypts just 'password', so there isn't some sort of
mechanical format translation you can do to go from one to the other.

One alternative you might want to look at is if ProFTP+mod_sql
supports a {crypt} style of password.  Now, that will probably default
to the old style DES password crypttext, but supposing that it passes
everything through to the system crypt(3) function, you might just be
able to use an md5 style crypt in there, which you can simply
cut'n'paste from the master.passwd file.  You'll have to experiment.

	Cheers,

	Matthew=09

--=20
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

--NMuMz9nt05w80d4+
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFA5S3aiD657aJF7eIRAupOAKCn+gGl2fj8xqh/Cnkz/FGRf7S7ewCgmzgw
DcIHP7+PQx4i/Tv6Gzr9iLs=
=uA/L
-----END PGP SIGNATURE-----

--NMuMz9nt05w80d4+--