On Mon, Jan 28, 2002 at 09:33:52AM +0000, Philip Hazel wrote:
> Someone pointed out recently on the list that there were two different
> ways of representing an MD5-hashed password. Exim uses the way that LDAP
> uses - that's where the requirement originated - which is to represent
> the hash in base-64 code. Apparently, some applications represent it in
> hex instead. I have just added code to the next Exim 4 pre-release to
> recognize this second form for the crypteq operation. You can tell the
> difference by the different lengths (base-64 coded is 24 bytes long, hex
> is 32 bytes long).
> > password:
> > test123
> > courier 'userdb' md5 hashed string:
> > $1$eYrvxTAm$Wz4Wkxe5exy/5VhkuTnYH0
> That is neither base-64 nor hex, being 34 characters long. So I don't
> know what it might be I'm afraid.
This is base64, but salted. The $1$ specifies "MD5" (I think $2$ is the
SHA1 equivalent. `eYrvxTAm' is the salt, and then `Wz4Wkxe5exy/5VhkuTnYH0'
is the hashed password. On FreeBSD, this form is recognised with the
system crypt(3) function.
it appears to do the password, then the string '$1$' then the salt, then
padding of as many characters as are in the password of the MD5 of (pw,
salt,pw). Then it is some form of mixed up base64 (with a different
ordering of the bytes).
On my FreeBSD system, the source file to look at is:
/usr/src/lib/libcrypt/crypt-md5.c
MBM
--
Matthew Byng-Maddick <mbm@???> http://colondot.net/
