Apache crypt to SHA or standard Unix crypt
Lennart Sorensen
lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org
Thu Oct 13 15:12:18 UTC 2005
On Wed, Oct 12, 2005 at 08:00:31PM -0400, Leah Cunningham wrote:
> That's what I was afraid of, and indeed I'm half way through the passwd
> file now, I just wondered if there were any clever tricks to get around
> having to crack the file. Or perhaps, a way to get pam or ldap to
> better deal with the apache crypts.
Even if you can crach the passwords, part of a problem would be that the
password it gives you may not be the same as what the user uses. They
would just be two passwords which both hash to the same thing using that
particular crypt. So if you were to use that and re encrypt it with
another algorithm, now the users real password (the one they believe to
be their password) won't work anymore.
Unless you have the plaintext passwords, you can't change encryption.
There is just no way.
Lennart Sorensen
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list