21 Sep
2010
21 Sep
'10
9:28 p.m.
On Tue, 2010-09-21 at 11:24 -0700, David Jonas wrote:
We have a plethora of accounts for which we would like to enable CRAM-MD5 but their passwords are stored as MD5 hashes. Is there anything we can do? Can we take a linux MD5 hashed password (e.g. $1$fac330ee$wd6Tll...) and convert it to dovecot's CRAM-MD5 format (e.g. {CRAM-MD5}b3f297...)?
a) Crack the password with brute force. Probably won't be highly successful.
b) The plaintext password is known while user logs in. Save it as CRAM-MD5 at that time.