setting encrypted password for a user

M. V. bored_to_death85 at yahoo.com
Tue Dec 24 09:23:08 UTC 2013 

Hi,
thank you for your answers,

so if we can't set password by just having MD5, I have to change the sender program to calculate and send hash of the passwords using salt. thus:
- ...does anyone know how "salt" is being used in FreeBSD 
crypt for encryption? is it a simple concatenation,etc or it's more 
complex than that?

thank you.




On Monday, December 23, 2013 6:20 AM, "Teske, Devin" <Devin.Teske at fisglobal.com> wrote:
 

>On Dec 22, 2013, at 4:55 PM, RW wrote:
>
>> On Sun, 22 Dec 2013 05:47:08 +0000
>> Teske, Devin wrote:
>> 
>>> 
>>> On Dec 21, 2013, at 9:36 PM, M. V. wrote:
>>> 
>>>> hello,
>>>> 
>>>> I'm using FreeBSD-8.2. I have a program which sends "MD5 
>>>> of the new password" of a user to me, and I want to reset user's
>>>> password with it. I realized I can use "chpass" to set encrypted
>>>> password for a user, but it needs salt and I couldn't make it work
>>>> without it. so I wanted to know:
>>>> - can I set user's password in FreeBSD if I have only MD5 of the
>>>> password? how?
>>>> 
>>> 
>>> echo 'MD5-HASH' | pw usermod username -H 0
>> 
>> Presumably that's  just a way inserting the salted hash. If
>> you simply have the md5 of a password it shouldn't be possible to
>> create a password entry.
>
>RW is correct, if what is sent to you does not look like "$1$blah$moreblah"
>then you don't have a hash, but a digest. You cannot turn a digest into a
>hash because that would require getting at the data that was digested.
>
>The ``echo ... | pw ...'' command I gave is only going to work if you have a
>hash (looks like "$1$blah$moreblah") and not a digest (looks like "blah").
>-- 
>Devin
>
>_____________
>The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.
>
>_______________________________________________
>freebsd-questions at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
>
>

More information about the freebsd-questions mailing list