what encryption is used by Cyrus to encrypt passwords?

Aleksandar Milivojevic alex at milivojevic.org
Wed Mar 15 11:44:11 EST 2006

Quoting Tomasz Chmielewski <mangoo at wpkg.org>:

> What encryption is used by Cyrus?
> When I look into MySQL database, the password look like that:
> abcDe12FGHiJK
> So it's 13 characters.
> What encryption is it?

Cyrus doesn't use any encryption to store passwords.  Actually, it 
doesn't store passwords at all.  It simply uses some backend to 
authenticate users.  The encryption (if any) is whatever that backend 
uses.  Looking at the above, it's most likely that you have setup MySQL 
backend to use ancient (and more or less easy to brute force) Unix 
crypt algorithm.  First two chars are salt, and the rest is some kind 
of hash obtained using DES encryption and first 8 bytes of user's 
password (with 8th bit stripped) as key.  See manual page for crypt for 
more details.

See Ya' later, alligator!

More information about the Info-cyrus mailing list