OT: migrate email users from FC2 to Centos?
Glenn Steen
glenn.steen at gmail.com
Mon Feb 5 10:26:12 CET 2007
On 04/02/07, Chris Yuzik <itdept at fractalweb.com> wrote:
> Jon Radel wrote:
> > Not needed. Suggest you copy your FC2 entry above to the CentOS just to
> > convince yourself. Then set two accounts on FC2 to the same password
> > and compare the hashes on those.
> >
> > Google on "MD5 salt" for info on what is happening. Short version: If
> > the same password always gave the same MD5 hash, an attacker would
> > simply build a dictionary of the hash resulting from all "common"
> > passwords, do a simple lookup of each entry from your /etc, and probably
> > own your box in mere seconds. It would also be possible to tell if two
> > people had the same password because they'd have the same hash. All
> > very bad. So you use what are supposed to be 8 random characters to
> > "salt" the hash. It drastically slows certain attacks.
> >
> > Very short version:
> >
> > $1$jGZoIM.O$ <> $1$70559337$
> Jon,
>
> Thank you. This makes perfect sense. I appreciate the quick response.
>
> Chris
If you want another short explanation of all the various formats
(well, er, the two different...:-) your passwords can take, see "man
crypt" on your system. The MD5 passwords/salt (the $1$<salt>$ string)
is a GNU extension, so the only thing you'd need convince yourself
about is that the system you are moving to can handle that (all
semi-modern Linix distros do...:).
Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
More information about the MailScanner
mailing list