Re: You're on SecurityFocus.com for the cleartext passwords.

"Robert B. Easter" wrote:
> 
> On Sun, 07 May 2000, Hannu Krosing wrote:
> >
> > But how will you know if the data in the field is md5 hashed ?
> 
> I think they begin with $1$ and that the salt in the hashed string is like this:

how do you distinguish it from a plaintext password thet starts with $1$
?

> $1$<salt>$   -- a total of 12 characters of salt if you include the $1$$
> characters. <salt> is 9 characters.  Someone can correct me if this is not
> true. I'm not an expert. :)

Well in Zope they begin with {MD5} for MD5 hash. The md5 hash itself
knows 
nothing about salt - it is just fed to the function before the password.
And the digest can begin with anything, possibly even \0 if not
{uu|base64}encoded

------------
Hannu