log on to imap server using only encrypted passwd

Cameron Simpson cs at zip.com.au
Thu May 31 00:52:01 BST 2012


On 30May2012 12:05, Razvan Chitu <crc at topedge.ro> wrote:
|      I would like to sync some local Maildir folders with a remote IMAP 
| server using offlineimap. However, I have been only provided with the 
| shadow file from the remote IMAP server (no cleartext passwords for me). 

That's very strange. Background?

| Can I log in to the remote IMAP for a sync using only the encrypted 
| passwords?

Without brute force cracking them, no.

They're not encrypted passwords, they're salted one-way hashes. When
you log into a server it computes a hash from the cleartext password
you supply; if it matches the hash from the shadow file it is deemed
correct. The computation is lossy and does not go the other way. You
can only compute working passwords by brute force.

The whole point of password hashes it to protect the passwords in the
face of a third party acquiring the hashes (eg you). Pre the shadow file
these hashes were in the clear in the passwd file and still pretty
secure.

Cheers,
-- 
Cameron Simpson <cs at zip.com.au> DoD#743
http://www.cskk.ezoshosting.com/cs/

... and that was only one of many occasions on which I met my death,
an experience which I don't hesitate to recommend strongly.
        - Baron von Munchausen




More information about the OfflineIMAP-project mailing list