[Date Prev][Date Next] [Chronological] [Thread] [Top]

encrypt password by md5 twice?

To: OpenLDAP Software List <openldap-software@openldap.org>
Subject: encrypt password by md5 twice?
From: Zhang Weiwu <zhangweiwu@realss.com>
Date: Thu, 11 Oct 2007 09:41:40 +0800
User-agent: Thunderbird 1.5.0.13 (X11/20070824)

Dear everyone

I am planing to migrate an Intranet info system to authenticate with
OpenLDAP, so more of our business can be done with the same login. The
old system uses their own SQL table to store user information, no
problem, I can write a script to convert to LDIF format. But md5 was
used to encrypt user password, and the developer of that system knows
md5 is cracked, so he encrypted the md5 hash with md5 method again.

clear text password --> md5 hash --> md5 hash of the md5 hash

My question:

   1. Have you ever heard this solution to avoid md5 crack? Now as I
      cannot reach the original system author, I wonder how this idea
      come to be (e.g. why not using SHA).
   2. Does it work? (is md5 hashed md5 hash much safer with no side-effect?)
   3. Now, how we can migrate this system to use openldap. AFAIK
      openldap have no direct support for such hash. There are a lot of
      users of the system and there will be problems if migration is
      done and everyone's password is reset..

Thanks in advance!

-- 
Real Softservice

Huateng Tower, Unit 1788
Jia 302 3rd area of Jinsong, Chao Yang

Tel: +86 (10) 8773 0650 ext 603
Mobile: 135 9950 2413
http://www.realss.com

Follow-Ups:
- Re: encrypt password by md5 twice?
  - From: Gavin Henry <ghenry@suretecsystems.com>
- Re: encrypt password by md5 twice?
  - From: Kurt Zeilenga <kurt@OpenLDAP.org>

Prev by Date: Info on cn=Monitor items
Next by Date: Re: empty db
Index(es):
- Chronological
- Thread