I'm in the process of doing this right now.
The answer is: You Can't.
I've spent weeks with the post.office technical support staff, just to
have them finally give me that answer. They told me something stupid like
"This is a proprietary algorithm and for ours and our customers security,
we can not divulge the algorithm"
This has forced me to do this:
I've written a checkpassword implementation in perl that checks a sql
database first (replacement for post.office) if the users has all his
info, then the authentication proceeded normally. If the user exists but
has no password then it goes out and passes then authentication to the old
post.office server and checks if it is valid, if so it crypts the password
and places it into the database so this only has to be done once for each
post.office user.
The overhead is a little more than I'd like but, I couldn't come up with a
better solution.
We all know how secure proprietary algorithms are, I plan to try and figure
out their process after having a large plain text->post.office encryption
table built. If I can figure out what they are doing I will post my
results on the Internet.
They say they are using MD5 but MD5 returns a 128bit hash if I remember
right and post.office returns a 256bit hash, the only algorithm I could
find that will return a 256bit hash is GOST, and post.offfice does not
appear to be using GOST.
-Chris Nelson
On Wed, 17 Feb 1999, A.Y. Sjarifuddin wrote:
> Date: Wed, 17 Feb 1999 14:04:42 +0700
> From: "A.Y. Sjarifuddin" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Delivered-To: [EMAIL PROTECTED]
> Delivered-To: mailing list [EMAIL PROTECTED]
> Subject: Moving post office to qmail
>
> We'd like to move our post office to qmail, the problem is in the users
> password.
> Post office using MD5 encryption with a seed (64 char).
> Any idea how to change this MD5 encryption to qmail?
>
> Thanks in advance.
>
