OT: migrate email users from FC2 to Centos?

Jon Radel jon at radel.com
Sun Feb 4 06:26:37 CET 2007


Chris Yuzik wrote:

> 
> I tested with a sample account and the same password appears very
> differently in the passwd files on the two systems. For example, the
> same password "asdf" appears as this:
> 
> FC2 box:        $1$jGZoIM.O$uuiSTyDSdRx000EhzA.gi1
> Centos box:    $1$70559337$sp1596qcHpI06I2lH1fhI0
> 
> I would really rather not have to go through the hassle and
> inconvenience creating new passwords for everyone and manually changing
> the users' email client settings. Does anyone know of a utility or
> script that can convert passwords from Fedora to Centos?

Not needed.  Suggest you copy your FC2 entry above to the CentOS just to
convince yourself.  Then set two accounts on FC2 to the same password
and compare the hashes on those.

Google on "MD5 salt" for info on what is happening.  Short version:  If
the same password always gave the same MD5 hash, an attacker would
simply build a dictionary of the hash resulting from all "common"
passwords, do a simple lookup of each entry from your /etc, and probably
own your box in mere seconds.  It would also be possible to tell if two
people had the same password because they'd have the same hash.  All
very bad.  So you use what are supposed to be 8 random characters to
"salt" the hash.  It drastically slows certain attacks.

Very short version:

$1$jGZoIM.O$ <> $1$70559337$

--Jon Radel
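Added example, not part of the original message: a self-contained Python sketch of the `$1$` (MD5-crypt) scheme showing why the entries differ and why copying them between boxes works. The salt is stored inside the entry, and verification re-hashes the candidate password with that stored salt. It uses the two salts quoted in the thread but recomputes the hashes itself; the function and variable names are assumptions made for the illustration.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def md5_crypt(password: str, salt: str) -> str:
    """Compute an MD5-crypt ("$1$") entry; the salt is at most 8 characters."""
    pw, s = password.encode(), salt[:8].encode()
    alt = hashlib.md5(pw + s + pw).digest()
    ctx = hashlib.md5(pw + b"$1$" + s)
    ctx.update((alt * (len(pw) // 16 + 1))[:len(pw)])
    n = len(pw)
    while n:  # one extra byte per bit of the password length
        ctx.update(b"\0" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):  # fixed stretching rounds
        h = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            h.update(s)
        if i % 7:
            h.update(pw)
        h.update(final if i & 1 else pw)
        final = h.digest()
    # Encode the 16 digest bytes in crypt's own base-64 alphabet and byte order.
    words = [(final[a] << 16 | final[b] << 8 | final[c], 4)
             for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))]
    words.append((final[11], 2))
    digest = ""
    for value, count in words:
        for _ in range(count):
            digest += ITOA64[value & 0x3F]
            value >>= 6
    return f"$1${s.decode()}${digest}"

def verify(password: str, entry: str) -> bool:
    """Re-hash the candidate with the salt stored in the entry, then compare."""
    _, scheme, salt, _ = entry.split("$")
    if scheme != "1":
        raise ValueError("not an MD5-crypt entry")
    return hmac.compare_digest(md5_crypt(password, salt), entry)

# Salts are the two quoted in the thread; the hashes are recomputed here.
FC2_ENTRY = md5_crypt("asdf", "jGZoIM.O")
CENTOS_ENTRY = md5_crypt("asdf", "70559337")

if __name__ == "__main__":
    for name, entry in (("FC2", FC2_ENTRY), ("CentOS", CENTOS_ENTRY)):
        print(name, entry, verify("asdf", entry))
```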