RhinoSoft.com Knowledge Base
- Article -- 1177
Manually Generating Encrypted Passwords
To generate an encrypted password for insertion into an ODBC user database (ODBC -or- .ini file in the case of Serv-U 6.x), first two random characters (the 'salt' - in the range a..z, A..Z) are added to the beginning of the clear-text password. This is then hashed using MD5 and the resulting hash is hex-encoded. The result of this is written as plain-text starting with the 2 salt characters followed by the hex-encoded hash.
The algorithm works as below:
| Action | Result |
| Password is established | TestPassword |
| 2 salt characters are added to increase complexity | cbTestPassword |
| Result is hashed using MD5 and displayed in hexadecimal | 8EA58F0751BAA5AF391253F7DADD3D46 |
| 2 salt characters added to beginning of previous hash | cb8EA58F0751BAA5AF391253F7DADD3D46 |
When verifying a user's password, Serv-U will do the same. It parses the salt from the user's stored password (i.e., "cb" in this case), prepends it the password the user sent to it by the client, MD5 hashes it, and compares the result with the stored hash. If the values are equal, then the entered password is correct.
If you are having problems updating the ini file without restarting Serv-U please see Knowledge Base Article #1176.
