[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: problem in verifying MD5 decrypted passwd with plain text one


When you say "already decrypted" do you mean "already base64 decoded"?  As
far as I know you can't decrypt an MD5 password, so I guess you must mean
Base64 decoded.

You have to encrypt the new plain-text password using the same salt [and
base64 method if necessary] as the old one was, and then compare the two
encrypted results.

I don't know about MD5, but in a standard Unix password, the salt is stored
as the first two characters of the encrypted password.

Best Regards,
Unix Sysadmin

kavita wrote:

> hi everybody,
>        am adding entries of users in a ldap and providing a web-based
> link for change their password.
> i have a detailed entry of users in a ldap like
> username,password,mailquota,uid,gid etc.
> user's password is stored in MD5 base64 encrypted format.
> as all change password script requires old(current) password for
> verification of valid user and then new password and confirm (re-type )
> password.
> when i retrieve user's old(current) password it is already decrypted.
> now i want to match this decrypted password with plain text password
> which is entered by use(current pass).
> how shall i do it?
> Thanx in Advance.
> --
> Kavita Modi
> S/W Engg.
> Worldgate Network Private Limited.
> 206,Trividh,
> Ring Road,
> Surat - 395002.
> E-Mail:kavita@worldgatein.net
----------------------------------------- (on suk.neceur.com)

This e-mail message is intended only for the addressee(s) and contains 
information which may be confidential. If you are not the intended 
recipient please do not read, save, forward, disclose or copy the contents 
of this e-mail. If this e-mail has been sent to you in error, please delete this 
e-mail and any copies or links to this e-mail completely and immediately 
from your system. We would also like to inform you that communication via e-mail 
over the Internet is insecure because third parties may have the possibility 
to access and manipulate e-mails.

Any views expressed in this message are those of the individual sender, 
except where the sender specifically states them to be the views of 
NEC Semiconductors(UK) Ltd.