OT: migrate email users from FC2 to Centos?
Chris Yuzik
itdept at fractalweb.com
Sun Feb 4 17:27:45 CET 2007
Jon Radel wrote:
> Not needed. Suggest you copy your FC2 entry above to the CentOS just to
> convince yourself. Then set two accounts on FC2 to the same password
> and compare the hashes on those.
>
> Google on "MD5 salt" for info on what is happening. Short version: If
> the same password always gave the same MD5 hash, an attacker would
> simply build a dictionary of the hash resulting from all "common"
> passwords, do a simple lookup of each entry from your /etc, and probably
> own your box in mere seconds. It would also be possible to tell if two
> people had the same password because they'd have the same hash. All
> very bad. So you use what are supposed to be 8 random characters to
> "salt" the hash. It drastically slows certain attacks.
>
> Very short version:
>
> $1$jGZoIM.O$ <> $1$70559337$
Jon,
Thank you. This makes perfect sense. I appreciate the quick response.
Chris
More information about the MailScanner
mailing list