Decrypt encrypted MailEnable passwords


I am writing a secured customer portal that allows a user to recover passwords for various items (Email, FTP, database, CMS, etc.). All is working fine except the email, which is encrypted in the database.

We are using MailEnable and have password encryption enabled. I know what the encryption key is; however, I don't know what method is used to perform the encryption. I do know it is reversible, as we have the option to unencrypt the entire database (which I don't intend to do).

The passwords seem to be hex encoded; when decoded, the string length seems to match the length of the unencrypted password.

Hope someone knows the answer.


Well, according to the MailEnable site, NTLM is used for password authentication, and the gist I get from the Wikipedia entry on NTLM is that the password itself is not stored, but a hash of the password.

Storing the password hash instead of the actual password is common behaviour, as it makes the password database less useful if the server gets hacked. (A list of password hashes will not allow the hacker to login unless they can work out which actual password string produces a password hash.)

So I'm guessing (and it is a guess) that you won't be able to retrieve the MailEnable password, as it's not stored on the server, and the password hash is of no use to the user. This is why many systems offer a "password reset" option, but very few offer a "password retrieval" option.

JimMead (Author) Commented:

The passwords are definitely reversible as we have the option to revert to an unencrypted state.
We are not using NTLM authentication, just the standard plain text authentication (over SSL so the plain text is encrypted), the user database is stored in a MySQL database.
The MailEnable site doesn't seem to offer details about the password encryption, so you may have to email their support / developer forum and ask how it works.