Date: Mon, 30 Jun 2008 13:01:50 +0200 From: John <info@....nl> To: john-users@...ts.openwall.com Subject: Password encryption question Hello all, We would like to find out the password encryption/mangling routine for a legacy Windows app for which we would like to port the users to Linux. The application is VopMail (a mail server, now abandonware). We want to migrate all user accounts/passwords to Linux Postfix/Courier. We're a small ISP and these are all our customers for which we also keep FTP passwords etc. We could use a proxy and sniff POP3/IMAP sessions. Alternatively, we could inform all users that they have a new password which is less customer-friendly I believe. Ideal solution would be to find out the encryption or mangling routine. Below I have included a sample of some records I created where VopMail has created the Password1 and Password2 fields. It seems quite weak to me and there are clear patterns in the Password1/Password2 fields. Similar plaintexts generate similar encrypted passwords. However, this is how far I got :-) I am not asking for the final solution, just some pointers into the right direction so I can try to reverse engineer the existing passwords and migrate them to our new platform. Thanks a lot! Cheers, John # Account name, Plaintext, Password1, Password2 a0000000001,as,aeg=,0wca0 a0000000002,aaa,aWpq,0wca3vg== a0000000003,aaerially,b2pO4SFqD4+x,0wca3/mJtHm6Vig== a0000000004,aam,aWoG,0wca39g== a0000000005,aarogramme,aGrhlF/haoYFTg==,0wsW2jmcAYmOS3ao= a0000000006,aaron,aGrhlB4=,0wsW2jmcJ a0000000007,aaronic,aGrhlB4ieA==,0wsW2jmcJ+ts= a0000000008,aarp,bmrh8w==,0wsW2jvA= a0000000009,abacate,bnFq+GnXTg==,0wsWkodbRt/4= a0000000010,abacaxi,bnFq+Gm7Ig==,0wsWkodbRMzo= a0000000011,abacay,bnFq+Gmy,0wsWkodbRIw== a0000000012,abacinate,bnFq+CQdatdN,0wsWkodbZPDlZHg== a0000000013,abacination,bnFq+CQdatchFB0=,0wsWkodbZPDlZVqHN a0000000014,abacisci,bnFq+CPoeKI=,0wsWkodbZqYx/ a0000000015,abaciscus,bnFq+CToeN7r,0wsWkodbZqYz6zQ== a0000000016,abaciscuss,bnFq+CToeN7r6A==,0w8SnrsPMvuefqNo= a0000000017,abacli,bnFq+Awi,0w8SnrsONfg== a0000000018,abacot,bnFq+BfX,0w8SnrsOsyA== a0000000019,abaction,bnFq+NUiFB0=,0w8SnrsOVZgfs a0000000020,abaculi,bnFq+N0PIg==,0w8SnrsOUcXw= a0000000021,abaculus,bnFq+NsP3ug=,0w8SnrsOUcSRU a0000000022,abaculuss,bnFq+NsP3ujr,0w8SnrsOUcSRUYw== a0000000023,abada,bXFqx2k=,0w8SnrtXS a0000000024,abaddon,bXFqx0QUHQ==,0w8SnrtWTYgo= a0000000025,abadejo,bXFqx005FA==,0w8SnrtWScRw= a0000000026,abadengo,bXFqx0wdXJQ=,0xMOmr9aRdBHi a0000000027,abadia,bXFqxyFq,0xMOmr9bZqg== a0000000028,abaff,bHFq1VY=,0xMOmr9Sy a0000000029,abaisance,a3FqouxqHfhN,0xMOmr0J1BmYbXA== a0000000030,abaised,a3FqoutORw==,0xMOmr0J1AkI= a0000000031,abaiser,a3FqoutO4Q==,0xMOmr0J1AjI= a0000000032,abaisse,a3FqouvoTg==,0xMOmr0J1BUA= a0000000033,abaissed,a3Fqou/oTsc=,0xMOmr0J1BUAn : : : -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.