You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-user@james.apache.org by Javier Storni <ja...@512konline.com.ar> on 2003/02/27 13:54:08 UTC
Password encryption algorithm.
Hi,
Anyone know how to migrate linux md5 passwords to SHA passwords, or other
algorithm supported by james ?
I'm using jdbc users.
Thanks in advance.
Javier Storni
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
RE: Password encryption algorithm.
Posted by Vincenzo Gianferrari Pini <vi...@praxis.it>.
I'm sending again because I had some problem with the attachments, that
didn't get sent.
Vincenzo
> -----Original Message-----
> From: Vincenzo Gianferrari Pini
> [mailto:vincenzo.gianferraripini@praxis.it]
> Sent: giovedì 27 febbraio 2003 15.34
> To: James Users List
> Subject: RE: Password encryption algorithm.
>
>
> "Snippet.java" contains a java code snippet invoking the "encodeBytes"
> method in the "Base64" class, contained in the "Base64.java" file. I found
> the latter somewhere on the web, thanks to it's author.
>
> I had to put in the code snippet some "magic" to deal with non significant
> zeroes and truncate to 20 characters (to be consistent with
> james), but that
> may be a need of my implementation.
>
> I did not use the base-64 code used in james (it probably would have been
> more straightforward), as my code runs completely outside of James.
>
> Bye,
>
> Vincenzo
>
> > -----Original Message-----
> > From: Javier Storni [mailto:javier@512konline.com.ar]
> > Sent: giovedì 27 febbraio 2003 14.52
> > To: James Users List
> > Subject: Re: Password encryption algorithm.
> >
> >
> > Yes, I have MD5 linux original passwords.
> > So, I need convert then to base64.
> >
> > Can you send me the code ?
> >
> > Thanks a lot.
> >
> > Javier Storni
> >
> >
> > ----- Original Message -----
> > From: "Vincenzo Gianferrari Pini" <vi...@praxis.it>
> > To: "James Users List" <ja...@jakarta.apache.org>
> > Sent: Thursday, February 27, 2003 10:34 AM
> > Subject: RE: Password encryption algorithm.
> >
> >
> > > It's impossible "by definition" to migrate an md5 digested
> > password to an
> > > SHA digested password, as it would imply that you could break the md5
> > > algorithm.
> > >
> > > What you can do is keeping the md5 password (md5 is supported
> by James),
> > > doing the following for each user:
> > >
> > > 1) set the "pwdAlgorithm" field of the "users" table to "MD5";
> > >
> > > 2) set the "pwdHash" field to the md5 string, converted to base-64.
> > >
> > > Now, I don't know what is the base format used by linux md5, but james
> > uses
> > > base-64 (with some "magic"?). If your original md5 string is in hex
> > > (base-16) as it was my case, I can send you the java code I use, that
> > works.
> > > Let me know.
> > >
> > > Bye,
> > >
> > > Vincenzo
> > >
> > > > Hi,
> > > >
> > > > Anyone know how to migrate linux md5 passwords to SHA passwords, or
> > other
> > > > algorithm supported by james ?
> > > >
> > > > I'm using jdbc users.
> > > >
> > > > Thanks in advance.
> > > >
> > > > Javier Storni
> > > >
> > > >
> > > >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
> > > > For additional commands, e-mail: james-user-help@jakarta.apache.org
> > > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: james-user-help@jakarta.apache.org
> > >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: james-user-help@jakarta.apache.org
> >
>
>
RE: Password encryption algorithm.
Posted by Vincenzo Gianferrari Pini <vi...@praxis.it>.
Hope it will get through now!
Vincenzo
> -----Original Message-----
> From: Noel J. Bergman [mailto:noel@devtech.com]
> Sent: giovedì 27 febbraio 2003 19.56
> To: James Users List
> Subject: RE: Password encryption algorithm.
>
>
> Vincenzo,
>
> Please re-send again, but this time put your code into a TAR, JAR
> or ZIP. I
> don't know why the .java files aren't coming through.
>
> --- Noel
>
> -----Original Message-----
> From: Vincenzo Gianferrari Pini
> [mailto:vincenzo.gianferraripini@praxis.it]
> Sent: Thursday, February 27, 2003 9:34
> To: James Users List
> Subject: RE: Password encryption algorithm.
>
>
> "Snippet.java" contains a java code snippet invoking the "encodeBytes"
> method in the "Base64" class, contained in the "Base64.java" file. I found
> the latter somewhere on the web, thanks to it's author.
>
> I had to put in the code snippet some "magic" to deal with non significant
> zeroes and truncate to 20 characters (to be consistent with
> james), but that
> may be a need of my implementation.
>
> I did not use the base-64 code used in james (it probably would have been
> more straightforward), as my code runs completely outside of James.
>
> Bye,
>
> Vincenzo
>
> > -----Original Message-----
> > From: Javier Storni [mailto:javier@512konline.com.ar]
> > Sent: giovedì 27 febbraio 2003 14.52
> > To: James Users List
> > Subject: Re: Password encryption algorithm.
> >
> >
> > Yes, I have MD5 linux original passwords.
> > So, I need convert then to base64.
> >
> > Can you send me the code ?
> >
> > Thanks a lot.
> >
> > Javier Storni
> >
> >
> > ----- Original Message -----
> > From: "Vincenzo Gianferrari Pini" <vi...@praxis.it>
> > To: "James Users List" <ja...@jakarta.apache.org>
> > Sent: Thursday, February 27, 2003 10:34 AM
> > Subject: RE: Password encryption algorithm.
> >
> >
> > > It's impossible "by definition" to migrate an md5 digested
> > password to an
> > > SHA digested password, as it would imply that you could break the md5
> > > algorithm.
> > >
> > > What you can do is keeping the md5 password (md5 is supported
> by James),
> > > doing the following for each user:
> > >
> > > 1) set the "pwdAlgorithm" field of the "users" table to "MD5";
> > >
> > > 2) set the "pwdHash" field to the md5 string, converted to base-64.
> > >
> > > Now, I don't know what is the base format used by linux md5, but james
> > uses
> > > base-64 (with some "magic"?). If your original md5 string is in hex
> > > (base-16) as it was my case, I can send you the java code I use, that
> > works.
> > > Let me know.
> > >
> > > Bye,
> > >
> > > Vincenzo
> > >
> > > > Hi,
> > > >
> > > > Anyone know how to migrate linux md5 passwords to SHA passwords, or
> > other
> > > > algorithm supported by james ?
> > > >
> > > > I'm using jdbc users.
> > > >
> > > > Thanks in advance.
> > > >
> > > > Javier Storni
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: james-user-help@jakarta.apache.org
>
RE: Password encryption algorithm.
Posted by "Noel J. Bergman" <no...@devtech.com>.
Vincenzo,
Please re-send again, but this time put your code into a TAR, JAR or ZIP. I
don't know why the .java files aren't coming through.
--- Noel
-----Original Message-----
From: Vincenzo Gianferrari Pini
[mailto:vincenzo.gianferraripini@praxis.it]
Sent: Thursday, February 27, 2003 9:34
To: James Users List
Subject: RE: Password encryption algorithm.
"Snippet.java" contains a java code snippet invoking the "encodeBytes"
method in the "Base64" class, contained in the "Base64.java" file. I found
the latter somewhere on the web, thanks to it's author.
I had to put in the code snippet some "magic" to deal with non significant
zeroes and truncate to 20 characters (to be consistent with james), but that
may be a need of my implementation.
I did not use the base-64 code used in james (it probably would have been
more straightforward), as my code runs completely outside of James.
Bye,
Vincenzo
> -----Original Message-----
> From: Javier Storni [mailto:javier@512konline.com.ar]
> Sent: giovedì 27 febbraio 2003 14.52
> To: James Users List
> Subject: Re: Password encryption algorithm.
>
>
> Yes, I have MD5 linux original passwords.
> So, I need convert then to base64.
>
> Can you send me the code ?
>
> Thanks a lot.
>
> Javier Storni
>
>
> ----- Original Message -----
> From: "Vincenzo Gianferrari Pini" <vi...@praxis.it>
> To: "James Users List" <ja...@jakarta.apache.org>
> Sent: Thursday, February 27, 2003 10:34 AM
> Subject: RE: Password encryption algorithm.
>
>
> > It's impossible "by definition" to migrate an md5 digested
> password to an
> > SHA digested password, as it would imply that you could break the md5
> > algorithm.
> >
> > What you can do is keeping the md5 password (md5 is supported by James),
> > doing the following for each user:
> >
> > 1) set the "pwdAlgorithm" field of the "users" table to "MD5";
> >
> > 2) set the "pwdHash" field to the md5 string, converted to base-64.
> >
> > Now, I don't know what is the base format used by linux md5, but james
> uses
> > base-64 (with some "magic"?). If your original md5 string is in hex
> > (base-16) as it was my case, I can send you the java code I use, that
> works.
> > Let me know.
> >
> > Bye,
> >
> > Vincenzo
> >
> > > Hi,
> > >
> > > Anyone know how to migrate linux md5 passwords to SHA passwords, or
> other
> > > algorithm supported by james ?
> > >
> > > I'm using jdbc users.
> > >
> > > Thanks in advance.
> > >
> > > Javier Storni
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
Re: Password encryption algorithm.
Posted by bill parducci <bi...@parducci.net>.
doesn't md5 use a salt?
b
Javier Storni wrote:
> Hi Vincenzo,
>
> I've exported my Linux passwords to James, setting pwdAlgorithm to MD5.
> But doesn't works ....
>
> If anyone did that (export Linux passwords to James user table (JDBC)), cand
> send me some hints ?
>
> Thanks in advance.
>
> Javier Storni
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
Re: Password encryption algorithm.
Posted by Javier Storni <ja...@512konline.com.ar>.
Hi Vincenzo,
I've exported my Linux passwords to James, setting pwdAlgorithm to MD5.
But doesn't works ....
If anyone did that (export Linux passwords to James user table (JDBC)), cand
send me some hints ?
Thanks in advance.
Javier Storni
----- Original Message -----
From: "Vincenzo Gianferrari Pini" <vi...@praxis.it>
To: "James Users List" <ja...@jakarta.apache.org>
Sent: Saturday, March 01, 2003 10:04 AM
Subject: RE: Password encryption algorithm.
> Javier,
>
> I am answering you back through the list.
>
> It looks like your linux md5 digested passwords are already in base-64
(the
> BigInteger(x, 16) constructor builds from base-16, that's why you get the
> exception), so no transformation should be done. Just use them directly. I
> need all the transformation because my md5 digests were in hexadecimal
> (base-16).
>
> One thing though: my strings were *not* "linux passwords", so I'm not
> familiar with them; are you sure that they are md5 digests of the user
> passwords (somebody in this list could confirm it, or tell something more
> about)? They seem too long to be an md5 digest in base-64. Anyhow, you
need
> to truncate them to 20 characters, as James wants them that way.
>
> Bye,
>
> Vincenzo
>
> > -----Original Message-----
> > From: Javier Storni [mailto:javier@512konline.com.ar]
> > Sent: venerdì 28 febbraio 2003 18.08
> > To: Vincenzo Gianferrari Pini
> > Subject: Re: Password encryption algorithm attachments
> >
> >
> > Vicenzo,
> >
> > I testing the code that you send me, and I have a problem with my Linux
> > passwords.
> >
> > For example: $1$46359428$xcdb7Q1cWQAwdyDNjQRy81
> >
> > When I send that password as an argument to Bigdecimal( <String>,
> > <int>), I
> > get an exception:
> >
> > Exception in thread "main" java.lang.NumberFormatException: For input
> > string: "$1$Ich"
> >
> > I must make a preprocessing for each password, before convert them to
> > base64. Right ?
> >
> > Your code:
> >
> > *********************************************
> >
> > public String getPwdHash() {
> >
> > if (getPwdHashHex() == null) {
> >
> > return null;
> >
> > }
> >
> >
> > BigInteger bigInteger = new BigInteger( getPwdHashHex() <-- This is
the
> > problem , 16);
> >
> > *******************************************
> >
> > Thanks.
> >
> > Javier Storni
> >
> >
> > ----- Original Message -----
> > From: "Vincenzo Gianferrari Pini" <vi...@praxis.it>
> > To: "Javier Storni" <ja...@512konline.com.ar>
> > Sent: Thursday, February 27, 2003 12:01 PM
> > Subject: RE: Password encryption algorithm attachments
> >
> >
> > > I don't know why they don't get through.
> > >
> > > I will send you the attachments directly.
> > >
> > > Let me know.
> > >
> > > Bye,
> > >
> > > Vincenzo
> > >
> > > > -----Original Message-----
> > > > From: Javier Storni [mailto:javier@512konline.com.ar]
> > > > Sent: giovedì 27 febbraio 2003 15.55
> > > > To: Vincenzo Gianferrari Pini
> > > > Subject: Re: Password encryption algorithm attachments
> > > >
> > > >
> > > > Vicenzo,
> > > >
> > > > I didn't got the attachet file in last message.
> > > > Could you send me again ?
> > > >
> > > > Thanks a lot, again.
> > > >
> > > > Javier
> > > >
> > > > ----- Original Message -----
> > > > From: "Vincenzo Gianferrari Pini"
<vi...@praxis.it>
> > > > To: <ja...@512konline.com.ar>
> > > > Sent: Thursday, February 27, 2003 11:50 AM
> > > > Subject: Password encryption algorithm attachments
> > > >
> > > >
> > > > > Javier, did you receive the attachments? In the message bounced
> > > > back from
> > > > > the list the attachments were missing. Please let me know.
> > > > >
> > > > > Vincenzo
> > > > >
> > > >
> > >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: james-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
RE: Password encryption algorithm.
Posted by Vincenzo Gianferrari Pini <vi...@praxis.it>.
Javier,
I am answering you back through the list.
It looks like your linux md5 digested passwords are already in base-64 (the
BigInteger(x, 16) constructor builds from base-16, that's why you get the
exception), so no transformation should be done. Just use them directly. I
need all the transformation because my md5 digests were in hexadecimal
(base-16).
One thing though: my strings were *not* "linux passwords", so I'm not
familiar with them; are you sure that they are md5 digests of the user
passwords (somebody in this list could confirm it, or tell something more
about)? They seem too long to be an md5 digest in base-64. Anyhow, you need
to truncate them to 20 characters, as James wants them that way.
Bye,
Vincenzo
> -----Original Message-----
> From: Javier Storni [mailto:javier@512konline.com.ar]
> Sent: venerdì 28 febbraio 2003 18.08
> To: Vincenzo Gianferrari Pini
> Subject: Re: Password encryption algorithm attachments
>
>
> Vicenzo,
>
> I testing the code that you send me, and I have a problem with my Linux
> passwords.
>
> For example: $1$46359428$xcdb7Q1cWQAwdyDNjQRy81
>
> When I send that password as an argument to Bigdecimal( <String>,
> <int>), I
> get an exception:
>
> Exception in thread "main" java.lang.NumberFormatException: For input
> string: "$1$Ich"
>
> I must make a preprocessing for each password, before convert them to
> base64. Right ?
>
> Your code:
>
> *********************************************
>
> public String getPwdHash() {
>
> if (getPwdHashHex() == null) {
>
> return null;
>
> }
>
>
> BigInteger bigInteger = new BigInteger( getPwdHashHex() <-- This is the
> problem , 16);
>
> *******************************************
>
> Thanks.
>
> Javier Storni
>
>
> ----- Original Message -----
> From: "Vincenzo Gianferrari Pini" <vi...@praxis.it>
> To: "Javier Storni" <ja...@512konline.com.ar>
> Sent: Thursday, February 27, 2003 12:01 PM
> Subject: RE: Password encryption algorithm attachments
>
>
> > I don't know why they don't get through.
> >
> > I will send you the attachments directly.
> >
> > Let me know.
> >
> > Bye,
> >
> > Vincenzo
> >
> > > -----Original Message-----
> > > From: Javier Storni [mailto:javier@512konline.com.ar]
> > > Sent: giovedì 27 febbraio 2003 15.55
> > > To: Vincenzo Gianferrari Pini
> > > Subject: Re: Password encryption algorithm attachments
> > >
> > >
> > > Vicenzo,
> > >
> > > I didn't got the attachet file in last message.
> > > Could you send me again ?
> > >
> > > Thanks a lot, again.
> > >
> > > Javier
> > >
> > > ----- Original Message -----
> > > From: "Vincenzo Gianferrari Pini" <vi...@praxis.it>
> > > To: <ja...@512konline.com.ar>
> > > Sent: Thursday, February 27, 2003 11:50 AM
> > > Subject: Password encryption algorithm attachments
> > >
> > >
> > > > Javier, did you receive the attachments? In the message bounced
> > > back from
> > > > the list the attachments were missing. Please let me know.
> > > >
> > > > Vincenzo
> > > >
> > >
> >
>
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
RE: Password encryption algorithm.
Posted by Vincenzo Gianferrari Pini <vi...@praxis.it>.
"Snippet.java" contains a java code snippet invoking the "encodeBytes"
method in the "Base64" class, contained in the "Base64.java" file. I found
the latter somewhere on the web, thanks to it's author.
I had to put in the code snippet some "magic" to deal with non significant
zeroes and truncate to 20 characters (to be consistent with james), but that
may be a need of my implementation.
I did not use the base-64 code used in james (it probably would have been
more straightforward), as my code runs completely outside of James.
Bye,
Vincenzo
> -----Original Message-----
> From: Javier Storni [mailto:javier@512konline.com.ar]
> Sent: giovedì 27 febbraio 2003 14.52
> To: James Users List
> Subject: Re: Password encryption algorithm.
>
>
> Yes, I have MD5 linux original passwords.
> So, I need convert then to base64.
>
> Can you send me the code ?
>
> Thanks a lot.
>
> Javier Storni
>
>
> ----- Original Message -----
> From: "Vincenzo Gianferrari Pini" <vi...@praxis.it>
> To: "James Users List" <ja...@jakarta.apache.org>
> Sent: Thursday, February 27, 2003 10:34 AM
> Subject: RE: Password encryption algorithm.
>
>
> > It's impossible "by definition" to migrate an md5 digested
> password to an
> > SHA digested password, as it would imply that you could break the md5
> > algorithm.
> >
> > What you can do is keeping the md5 password (md5 is supported by James),
> > doing the following for each user:
> >
> > 1) set the "pwdAlgorithm" field of the "users" table to "MD5";
> >
> > 2) set the "pwdHash" field to the md5 string, converted to base-64.
> >
> > Now, I don't know what is the base format used by linux md5, but james
> uses
> > base-64 (with some "magic"?). If your original md5 string is in hex
> > (base-16) as it was my case, I can send you the java code I use, that
> works.
> > Let me know.
> >
> > Bye,
> >
> > Vincenzo
> >
> > > Hi,
> > >
> > > Anyone know how to migrate linux md5 passwords to SHA passwords, or
> other
> > > algorithm supported by james ?
> > >
> > > I'm using jdbc users.
> > >
> > > Thanks in advance.
> > >
> > > Javier Storni
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: james-user-help@jakarta.apache.org
> > >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: james-user-help@jakarta.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: james-user-help@jakarta.apache.org
>
Re: Password encryption algorithm.
Posted by Javier Storni <ja...@512konline.com.ar>.
Yes, I have MD5 linux original passwords.
So, I need convert then to base64.
Can you send me the code ?
Thanks a lot.
Javier Storni
----- Original Message -----
From: "Vincenzo Gianferrari Pini" <vi...@praxis.it>
To: "James Users List" <ja...@jakarta.apache.org>
Sent: Thursday, February 27, 2003 10:34 AM
Subject: RE: Password encryption algorithm.
> It's impossible "by definition" to migrate an md5 digested password to an
> SHA digested password, as it would imply that you could break the md5
> algorithm.
>
> What you can do is keeping the md5 password (md5 is supported by James),
> doing the following for each user:
>
> 1) set the "pwdAlgorithm" field of the "users" table to "MD5";
>
> 2) set the "pwdHash" field to the md5 string, converted to base-64.
>
> Now, I don't know what is the base format used by linux md5, but james
uses
> base-64 (with some "magic"?). If your original md5 string is in hex
> (base-16) as it was my case, I can send you the java code I use, that
works.
> Let me know.
>
> Bye,
>
> Vincenzo
>
> > Hi,
> >
> > Anyone know how to migrate linux md5 passwords to SHA passwords, or
other
> > algorithm supported by james ?
> >
> > I'm using jdbc users.
> >
> > Thanks in advance.
> >
> > Javier Storni
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: james-user-help@jakarta.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: james-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
RE: Password encryption algorithm.
Posted by Vincenzo Gianferrari Pini <vi...@praxis.it>.
It's impossible "by definition" to migrate an md5 digested password to an
SHA digested password, as it would imply that you could break the md5
algorithm.
What you can do is keeping the md5 password (md5 is supported by James),
doing the following for each user:
1) set the "pwdAlgorithm" field of the "users" table to "MD5";
2) set the "pwdHash" field to the md5 string, converted to base-64.
Now, I don't know what is the base format used by linux md5, but james uses
base-64 (with some "magic"?). If your original md5 string is in hex
(base-16) as it was my case, I can send you the java code I use, that works.
Let me know.
Bye,
Vincenzo
> Hi,
>
> Anyone know how to migrate linux md5 passwords to SHA passwords, or other
> algorithm supported by james ?
>
> I'm using jdbc users.
>
> Thanks in advance.
>
> Javier Storni
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: james-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org