From owner-freebsd-hackers@freebsd.org Tue Oct 29 13:14:10 2019 Return-Path: Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D0F731A69D6 for ; Tue, 29 Oct 2019 13:14:10 +0000 (UTC) (envelope-from se@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 472X9G58KRz4VqT; Tue, 29 Oct 2019 13:14:10 +0000 (UTC) (envelope-from se@freebsd.org) Received: from Stefans-MBP-449.fritz.box (p200300CD5F23DA00FC518F8E6EA06116.dip0.t-ipconnect.de [IPv6:2003:cd:5f23:da00:fc51:8f8e:6ea0:6116]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) (Authenticated sender: se/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4CD501DEB5; Tue, 29 Oct 2019 13:14:10 +0000 (UTC) (envelope-from se@freebsd.org) Subject: Re: converting password hashes To: freebsd-hackers@freebsd.org References: <1A7D3067-D5D6-47A0-9F42-FCBF8A1A856D@transactionware.com> From: =?UTF-8?Q?Stefan_E=c3=9fer?= Message-ID: <6bc3f2ec-0b2b-bbcc-2636-7130f8567bb4@freebsd.org> Date: Tue, 29 Oct 2019 14:14:07 +0100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.2.0 MIME-Version: 1.0 In-Reply-To: <1A7D3067-D5D6-47A0-9F42-FCBF8A1A856D@transactionware.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Oct 2019 13:14:10 -0000 On 29.10.19 13:49, Jan Martin Mikkelsen wrote: >> On 29 Oct 2019, at 13:13, Wojciech Puchar wrote: >> >> i want to convert accouts from one system where there was mail-only accounts using dovecot/postfix based system and SQL tables to my system, where accounts are real unix accounts - that do mail and other things. >> >> I don't know all people's plaintext passwords, and i don't need to and want to, but i want new accounts to work with the same passwords >> >> in SQL tables there are entries like this: >> >> $1$aab7638c$Cn7BA/oU4mzr0QltXzV7Z0 >> >> and these works by simple cut and paste to /etc/master.passwd file >> >> >> but there are entries like: >> >> {PLAIN-MD5}c575f55800a549930b9063b43af04f47 >> >> that doesn't >> >> >> is there a way to make it work without contacting over hundred people and telling them what new password they have? > > If it is just MD5 with no salt, I suspect substituting “$1$$” for the “{PLAIN_MD5}” would be sufficient. I have not checked the code, this might even work (if there is no check for a non-empty hash). But the plain MD5 hashes have to be converted from hex to base64, too, since that is the expected encoding for $1$ password entries ... Regards, STefan