Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 29 Oct 2019 14:14:07 +0100
From:      =?UTF-8?Q?Stefan_E=c3=9fer?= <se@freebsd.org>
To:        freebsd-hackers@freebsd.org
Subject:   Re: converting password hashes
Message-ID:  <6bc3f2ec-0b2b-bbcc-2636-7130f8567bb4@freebsd.org>
In-Reply-To: <1A7D3067-D5D6-47A0-9F42-FCBF8A1A856D@transactionware.com>
References:  <alpine.BSF.2.20.1910291310310.72617@puchar.net> <1A7D3067-D5D6-47A0-9F42-FCBF8A1A856D@transactionware.com>

next in thread | previous in thread | raw e-mail | index | archive | help


On 29.10.19 13:49, Jan Martin Mikkelsen wrote:
>> On 29 Oct 2019, at 13:13, Wojciech Puchar <wojtek@puchar.net> wrote:
>>
>> i want to convert accouts from one system where there was mail-only accounts using dovecot/postfix based system and SQL tables to my system, where accounts are real unix accounts - that do mail and other things.
>>
>> I don't know all people's plaintext passwords, and i don't need to and want to, but i want new accounts to work with the same passwords
>>
>> in SQL tables there are entries like this:
>>
>> $1$aab7638c$Cn7BA/oU4mzr0QltXzV7Z0
>>
>> and these works by simple cut and paste to /etc/master.passwd file
>>
>>
>> but there are entries like:
>>
>> {PLAIN-MD5}c575f55800a549930b9063b43af04f47
>>
>> that doesn't
>>
>>
>> is there a way to make it work without contacting over hundred people and telling them what new password they have?
> 
> If it is just MD5 with no salt, I suspect substituting “$1$$” for the “{PLAIN_MD5}” would be sufficient.

I have not checked the code, this might even work (if there is no check
for a non-empty hash).

But the plain MD5 hashes have to be converted from hex to base64, too,
since that is the expected encoding for $1$ password entries ...

Regards, STefan



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6bc3f2ec-0b2b-bbcc-2636-7130f8567bb4>