1 (edited by rustam.r.zaripov 2014-10-22 22:39:19)

Topic: User password encryption method

======== Required information ====
- iRedMail version: 0.8.7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: Ubuntu 12.04
- Related log if you're reporting an issue:
====
I am adding new user in database using sql query with MD5 for encryption and getting password like this 078bbb4bf0f7117fb131ec45f15b5b87. But iredadmin encrypts password in this form $1$PXKFd87T$9uJR1xJcxEImiJQHsUOsR0. So what I should to do to make my encrypted password like iredadmin version.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: User password encryption method

Check this tutorial: Password hashes. http://www.iredmail.org/docs/password.hashes.html

3

Re: User password encryption method

So {PLAIN-MD5}078bbb4bf0f7117fb131ec45f15b5b87 == $1$PXKFd87T$9uJR1xJcxEImiJQHsUOsR0 for system in my example.
But is there way to find out what algorithm and salt is used to make correct salted md5 for setting it in database?

4

Re: User password encryption method

iRedMail will prefix the algorithm name in password hash, e.g. {SSHA}, {SSHA512}, etc. Some password hashes don't contain this prefix, e.g. MD5 is identified by the password prefix like '$1$xxxxxxxx$...', and BCRYPT contains '$2a$...' or '$2b$...' prefix.

MD5 salt is random string. You should do some homework with Google.

5 (edited by rustam.r.zaripov 2014-10-23 18:58:21)

Re: User password encryption method

ZhangHuangbin wrote:

You should do some homework with Google.

Seems so. I realized how it work.
Thank you, ZhangHuangbin.