Migration-Tool from ispcp

Discussion in 'Developers' Forum' started by suther, Jul 16, 2013.

  1. suther

    suther New Member HowtoForge Supporter

    I write a migration-toolkit from ispcp (and all forks of it).

    Maybe later, additional isp-Panels will follow (like plesk, cpanel and other)

    I hope to get here some input for my question, that will cause of creationprocess.

    First question:

    In ispcp i have only md5 Passwords for useraccounts. Can i use those directly to insert them into ispconfig, or via api, or does these passwors salted in ispconfig?
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig uses crypt-md5 with salt for all types of users (mail, ftp, ssh, interface login). by default, so you can not insert md5 passwords. Only the ispconfig interface users (in sys_user + client table) have a fallback mode that works with plain md5 as well.
  3. suther

    suther New Member HowtoForge Supporter

    Ok, so question is: Is there another Function, which make my md5-Passwords salted?

    Plan is to migrate the ISPCP-Panel-Login-passwords as ISPConfig Login-Passwords.

    Would be glad to got some recommendations
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    I'am not aware of a conversion method, but this does not mean that there is none.
  5. Disassembler

    Disassembler New Member

    By the very nature of cryptographic hashes there can't be a way to salt passwords if you don't have the plaintext. With Plesk I was lucky that it's daft enough to store plaintext in the database but I suppose you have no other choice than to reset the passwords.
    Unless you want to exploit the fact that MD5 is broken (something to consider for ISPconfig as well!) and you have some CPU power to spare for reversing the hashes ;) Of course you could use one of the various rainbow table sites to automatically check if you can crack the hashes ...
  6. ispcomm

    ispcomm Member

    ispcp passwords in the database are actually obfuscated cleartext. This is true for ftp and mail passwords.

    You can decrypt them all.

    Read in the source for the corresponding function, and look for the "keys" in both the perl and php engines.

Share This Page