Hello,
dbmail supports both md5 hash and digest. For the digest, try using
a type of "md5sum" instead of "md5". The value in the database can
actually be in either format if encryption_type is "md5" (it looks at
the first 3 chars and if it's $1$ it's an md5 hash), but if you tell
it to create with an "md5" password format, you get the hash. The
hash is of course much better for security if someone ever gets a copy
of your users table (it takes a tremendous amount more resources to
generate a dictionary table for md5 hashes than the digest, which has
a 1-1 ratio with the plaintext password).
---- Original Message ----
From: Thomas Mueller <dbmail-dev@dbmail.org>
To: DBMAIL Developers Mailinglist <dbmail-dev@dbmail.org>
Subject: Re: [Dbmail-dev] dbmail md5 is not md5 from RFC 1321 ?
Sent: Sat, 27 Mar 2004 12:25:46 +0100
> Hi Paul,
>
> > The difference is between md5-digest, and md5-hash. I don't have any
> > detailed knowlegde of the algorithms involved, though.
>
> I searched around the net in case I've missed something in the past but
> I found nothing new.
>
> md5 = message digest 5, md5 is a hash algorithm. There are 3
> representations of the message digest:
> 16 byte: raw output
> 24 byte: base64 encoded
> 32 byte: hex string
>
> This perl script shows all of them:
> -----
> #!/usr/bin/perl
> use Digest::MD5 qw(md5 md5_hex md5_base64);
>
> my $string = "test";
>
> print "string: " . $string . "\n";
> print "md5: " . md5($string) . "\n";
> print "md5_hex: " . md5_hex($string) . "\n";
> print "md5_base64: " . md5_base64($string) . "\n";
> -----
>
> Every software I found uses the hex string, so dbmail should use that
> one too (that way I can use the dbmail account for SMTP Auth with p.e.
> exim).
>
> > >can someone explain the difference between the md5 algorithm dbmail uses
> > >and the one from RFC 1321? I only know md5s as 32 byte hex string.
>
>
> Thomas
> --
> http://www.tmueller.com for pgp key (95702B3B)
> _______________________________________________
> Dbmail-dev mailing list
> Dbmail-dev@dbmail.org
> http://twister.fastxs.net/mailman/listinfo/dbmail-dev
>
-- End Original Message --
--
Jesse Norell
administrator@kci.net is not my email address;
change "administrator" to my first name.
--