james-server-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vincenzo.gianferrarip...@praxis.it
Subject Re: Password encryption algorithm.
Date Tue, 04 Mar 2003 20:30:25 GMT
>doesn't md5 use a salt?

MD5 is just a strong *one way* hashing (digest) algorithm, as SHA1 and others. The result
of MD5 is an array of 16 bytes.

If a salt is being used or not depends on the situation.

James does not use a salt.

Does Linux use a salt? I don't know. If the answer is yes, then there is no solution to Javier's

Let's have MD5(pw+salt) -> hashLinux, and MD5(pw) -> hashJames.
Even if I know the salt, as I don't know the password I can't compute hashJames starting from

Instead, if Linux does not use a salt, I have MD5(pw) -> hashLinux = hashJames.

The latter is my case (I have Tomcat sharing user passwords with James); the only difference
is the base representation. Both Tomcat and James can use MD5 or SHA1, but Tomcat uses base-16
and James base-64. I just have to take hashTomcat and convert it to base-64 (and truncate
to 20 chars) to have hashJames.

Maybe some Linux expert in this list can clarify.



To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org

View raw message