OT: migrate email users from FC2 to Centos?

Chris Yuzik itdept at fractalweb.com
Sun Feb 4 17:27:45 CET 2007


Jon Radel wrote:
> Not needed.  Suggest you copy your FC2 entry above to the CentOS just to
> convince yourself.  Then set two accounts on FC2 to the same password
> and compare the hashes on those.
>
> Google on "MD5 salt" for info on what is happening.  Short version:  If
> the same password always gave the same MD5 hash, an attacker would
> simply build a dictionary of the hash resulting from all "common"
> passwords, do a simple lookup of each entry from your /etc, and probably
> own your box in mere seconds.  It would also be possible to tell if two
> people had the same password because they'd have the same hash.  All
> very bad.  So you use what are supposed to be 8 random characters to
> "salt" the hash.  It drastically slows certain attacks.
>
> Very short version:
>
> $1$jGZoIM.O$ <> $1$70559337$
Jon,

Thank you. This makes perfect sense. I appreciate the quick response.

Chris


More information about the MailScanner mailing list