Converting crypted passwords

Matthew Seaman m.seaman at infracaninophile.co.uk
Fri Jul 2 02:43:45 PDT 2004 

On Fri, Jul 02, 2004 at 10:32:14AM +0200, Frank Altpeter wrote:


> Given is a system with md5 style passwords like that:
> 
> $1$d61CkkOZ$BE/TofmL5h9gtfxKI6Vcy1
> 
> (This can be generated by "openssl passwd -1 -salt d61CkkOZ test")
> 
> Without knowing the password, i need to convert it to base64 encoded
> binary md5 digest style for using with ProFTP+mod_sql:
> 
> {md5}CY9rzUYh03PK3k6DJie09g==
> 
> (This can be generated by "printf '{md5}' ; printf 'test' | openssl dgst -binary -md5 | openssl enc -base64").
> 
> 
> The problem i have to solve is, how to convert the first encryption
> type into the second encryption type without having the plaintext
> password in between.

I don't think that's actually possible without knowing the plaintext
of the password.  Besides, the standard system password is the md5
hash of a different quantity to the other md5 hash -- since the system
md5 password style includes that extra random salt and the other
apparently doesn't.  That means that one encrypts 'salt + password'
and the other encrypts just 'password', so there isn't some sort of
mechanical format translation you can do to go from one to the other.

One alternative you might want to look at is if ProFTP+mod_sql
supports a {crypt} style of password.  Now, that will probably default
to the old style DES password crypttext, but supposing that it passes
everything through to the system crypt(3) function, you might just be
able to use an md5 style crypt in there, which you can simply
cut'n'paste from the master.passwd file.  You'll have to experiment.

	Cheers,

	Matthew	

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040702/c36f60ba/attachment.bin

More information about the freebsd-questions mailing list