Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. DBMail>
  3. dev
dbmail md5 is not md5 from RFC 1321 ?
dbmail at tmueller
Mar 26, 2004, 10:59 AM
Post #1 of 6 (480 views)
Permalink
Hi,

can someone explain the difference between the md5 algorithm dbmail uses
and the one from RFC 1321? I only know md5s as 32 byte hex string.

dbmail-adduser a test {md5:}test 0 1000

In the database I have as password for user test:
$1$bG4N.RkG$lO4.RvFp0ubDFocBxtt02/

The 32 byte hex string of 'test' would be:
098f6bcd4621d373cade4e832627b4f6

Thanks.


Thomas
--
http://www.tmueller.com for pgp key (95702B3B)
Re: dbmail md5 is not md5 from RFC 1321 ? [ In reply to ]
paul at nfg
Mar 26, 2004, 12:03 PM
Post #2 of 6 (467 views)
Permalink
The difference is between md5-digest, and md5-hash. I don't have any
detailed knowlegde of the algorithms involved, though.

Thomas Mueller wrote:
> Hi,
>
> can someone explain the difference between the md5 algorithm dbmail uses
> and the one from RFC 1321? I only know md5s as 32 byte hex string.
>
> dbmail-adduser a test {md5:}test 0 1000
>
> In the database I have as password for user test:
> $1$bG4N.RkG$lO4.RvFp0ubDFocBxtt02/
>
> The 32 byte hex string of 'test' would be:
> 098f6bcd4621d373cade4e832627b4f6
>
> Thanks.
>
>
> Thomas

--
________________________________________________________________
Paul Stevens mailto:paul@nfg.nl
NET FACILITIES GROUP PGP: finger paul@nfg.nl
The Netherlands________________________________http://www.nfg.nl
Re: dbmail md5 is not md5 from RFC 1321 ? [ In reply to ]
dbmail at tmueller
Mar 27, 2004, 4:25 AM
Post #3 of 6 (461 views)
Permalink
Hi Paul,

> The difference is between md5-digest, and md5-hash. I don't have any
> detailed knowlegde of the algorithms involved, though.

I searched around the net in case I've missed something in the past but
I found nothing new.

md5 = message digest 5, md5 is a hash algorithm. There are 3
representations of the message digest:
16 byte: raw output
24 byte: base64 encoded
32 byte: hex string

This perl script shows all of them:
-----
#!/usr/bin/perl
use Digest::MD5 qw(md5 md5_hex md5_base64);

my $string = "test";

print "string: " . $string . "\n";
print "md5: " . md5($string) . "\n";
print "md5_hex: " . md5_hex($string) . "\n";
print "md5_base64: " . md5_base64($string) . "\n";
-----

Every software I found uses the hex string, so dbmail should use that
one too (that way I can use the dbmail account for SMTP Auth with p.e.
exim).

> >can someone explain the difference between the md5 algorithm dbmail uses
> >and the one from RFC 1321? I only know md5s as 32 byte hex string.


Thomas
--
http://www.tmueller.com for pgp key (95702B3B)
Re: dbmail md5 is not md5 from RFC 1321 ? [ In reply to ]
paul at nfg
Mar 28, 2004, 9:05 AM
Post #4 of 6 (474 views)
Permalink
There is something called md5-crypt, which is standard in shadow utils,
and php among others. It uses a salt, just like des-crypt. And your are
correct, it seems; it's not part of md5 proper, hence not mentioned in
the rfc.



Thomas Mueller wrote:
> Hi Paul,
>
>
>>The difference is between md5-digest, and md5-hash. I don't have any
>>detailed knowlegde of the algorithms involved, though.
>
>
> I searched around the net in case I've missed something in the past but
> I found nothing new.
>
> md5 = message digest 5, md5 is a hash algorithm. There are 3
> representations of the message digest:
> 16 byte: raw output
> 24 byte: base64 encoded
> 32 byte: hex string
>
> This perl script shows all of them:
> -----
> #!/usr/bin/perl
> use Digest::MD5 qw(md5 md5_hex md5_base64);
>
> my $string = "test";
>
> print "string: " . $string . "\n";
> print "md5: " . md5($string) . "\n";
> print "md5_hex: " . md5_hex($string) . "\n";
> print "md5_base64: " . md5_base64($string) . "\n";
> -----
>
> Every software I found uses the hex string, so dbmail should use that
> one too (that way I can use the dbmail account for SMTP Auth with p.e.
> exim).
>
>
>>>can someone explain the difference between the md5 algorithm dbmail uses
>>>and the one from RFC 1321? I only know md5s as 32 byte hex string.
>
>
>
> Thomas

--
________________________________________________________________
Paul Stevens mailto:paul@nfg.nl
NET FACILITIES GROUP PGP: finger paul@nfg.nl
The Netherlands________________________________http://www.nfg.nl
Re: dbmail md5 is not md5 from RFC 1321 ? [ In reply to ]
jesse at kci
Mar 30, 2004, 9:59 AM
Post #5 of 6 (462 views)
Permalink
Hello,

dbmail supports both md5 hash and digest. For the digest, try using
a type of "md5sum" instead of "md5". The value in the database can
actually be in either format if encryption_type is "md5" (it looks at
the first 3 chars and if it's $1$ it's an md5 hash), but if you tell
it to create with an "md5" password format, you get the hash. The
hash is of course much better for security if someone ever gets a copy
of your users table (it takes a tremendous amount more resources to
generate a dictionary table for md5 hashes than the digest, which has
a 1-1 ratio with the plaintext password).



---- Original Message ----
From: Thomas Mueller <dbmail-dev@dbmail.org>
To: DBMAIL Developers Mailinglist <dbmail-dev@dbmail.org>
Subject: Re: [Dbmail-dev] dbmail md5 is not md5 from RFC 1321 ?
Sent: Sat, 27 Mar 2004 12:25:46 +0100

> Hi Paul,
>
> > The difference is between md5-digest, and md5-hash. I don't have any
> > detailed knowlegde of the algorithms involved, though.
>
> I searched around the net in case I've missed something in the past but
> I found nothing new.
>
> md5 = message digest 5, md5 is a hash algorithm. There are 3
> representations of the message digest:
> 16 byte: raw output
> 24 byte: base64 encoded
> 32 byte: hex string
>
> This perl script shows all of them:
> -----
> #!/usr/bin/perl
> use Digest::MD5 qw(md5 md5_hex md5_base64);
>
> my $string = "test";
>
> print "string: " . $string . "\n";
> print "md5: " . md5($string) . "\n";
> print "md5_hex: " . md5_hex($string) . "\n";
> print "md5_base64: " . md5_base64($string) . "\n";
> -----
>
> Every software I found uses the hex string, so dbmail should use that
> one too (that way I can use the dbmail account for SMTP Auth with p.e.
> exim).
>
> > >can someone explain the difference between the md5 algorithm dbmail uses
> > >and the one from RFC 1321? I only know md5s as 32 byte hex string.
>
>
> Thomas
> --
> http://www.tmueller.com for pgp key (95702B3B)
> _______________________________________________
> Dbmail-dev mailing list
> Dbmail-dev@dbmail.org
> http://twister.fastxs.net/mailman/listinfo/dbmail-dev
>
-- End Original Message --


--
Jesse Norell

administrator@kci.net is not my email address;
change "administrator" to my first name.
--
Re: dbmail md5 is not md5 from RFC 1321 ? [ In reply to ]
dbmail at tmueller
Mar 30, 2004, 11:58 AM
Post #6 of 6 (469 views)
Permalink
Hi Jesse,

> dbmail supports both md5 hash and digest. For the digest, try using
> a type of "md5sum" instead of "md5". The value in the database can
> actually be in either format if encryption_type is "md5" (it looks at
> the first 3 chars and if it's $1$ it's an md5 hash), but if you tell
> it to create with an "md5" password format, you get the hash. The
> hash is of course much better for security if someone ever gets a copy
> of your users table (it takes a tremendous amount more resources to
> generate a dictionary table for md5 hashes than the digest, which has
> a 1-1 ratio with the plaintext password).

Yes that works fine, I missed that in the man page, sorry.
Better security would be fine, but exim needs a md5 digest.


Thomas
--
http://www.tmueller.com for pgp key (95702B3B)

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal