Geek Answers Handbook

Salted Hash Codes Without Salt

I have a mail server that stores passwords for mailboxes in a mysql database with the following sql:

ENCRYPT([PASSWORT], concat(_utf8"$1$", right(md5(rand()), 8), _utf8"$"))

But there is no salt in the database.

Now I need to create a login process to this database, but it's hard to compare the saved password due to the missing salt. I noticed that the password hash contains salt in the following form:

 $1$[SALT]$[PASSWORD-HASH]

How to create a comparable password hash to create a login?

Dovecot can connect to users using stored passwords, but how?

+4
source share
1 answer

The MySQL function ENCRYPT() calls the crypt (3) Unix library function , which implements various password hashing algorithms. The particular algorithm used is selected by the salt parameter, which should begin with the identifier of the algorithm surrounded by dollar signs; for example, a salt starting at $1$ follows the old MD5-based hash scheme from Poul Henning-Kamp .

(The reason for this rather curious way of choosing an algorithm is historical: the original design of crypt (3) based on DES from 1976 did not support alternative hashing algorithms, so the method of designating them had to be aligned to the existing interface in order to maintain compatibility with old password databases. As it turned out , the resulting system is quite nice and flexible, even if at first glance it looks strange.)

In any case, all crypt (3) hashing algorithms (including the original DES based on one ) always include the salt (and the algorithm identifier built into it) at the beginning of the output and ignore any additional data added to the end of the salt input. Thus, to check the password hash, you simply load the original hash into ENCRYPT() as a salt and check if it is equal to the result:

 SELECT user_id, password_hash = ENCRYPT('password', password_hash) AS password_is_correct FROM user_table WHERE user_id = 12345;
+5
source

More articles:


All Articles