what encryption is used by Cyrus to encrypt passwords?
Aleksandar Milivojevic
alex at milivojevic.org
Wed Mar 15 11:44:11 EST 2006
Quoting Tomasz Chmielewski <mangoo at wpkg.org>:
> What encryption is used by Cyrus?
>
> When I look into MySQL database, the password look like that:
>
> abcDe12FGHiJK
>
> So it's 13 characters.
>
> What encryption is it?
Cyrus doesn't use any encryption to store passwords. Actually, it
doesn't store passwords at all. It simply uses some backend to
authenticate users. The encryption (if any) is whatever that backend
uses. Looking at the above, it's most likely that you have setup MySQL
backend to use ancient (and more or less easy to brute force) Unix
crypt algorithm. First two chars are salt, and the rest is some kind
of hash obtained using DES encryption and first 8 bytes of user's
password (with 8th bit stripped) as key. See manual page for crypt for
more details.
--
See Ya' later, alligator!
http://www.8-P.ca/
More information about the Info-cyrus
mailing list