Password Encryption/Decryption

Ashveer Ramnath
Hi There,

We have recently acquired a new mail base and we need to sync the data over to our new server.
However, we have encountered a problem where the passwords are encrypted.
There are 2 passwords: a digest password, digestPassword = {SSHA}TWcg67eMGQn428d3dS4HbZJqytpFMkku182nLQ==
and an encrypted password. I was given an RSA-X.509 key to decrypt it but am unsure how to go about it.
Please could someone kindly advise as we have around 50k mailboxes to copy over.
Thanks
Consulting and Network/Security Specialist
Commented:
If you're looking for a way to get the clear text passwords out of a digest/hash, you're more or less out of luck ... any algorithm for hashes/digests uses mathematical functions to create a sort of checksum of the original password, but (unless the programmer or designer screwed up) can NOT be reversed easily ... actually, they can not be reversed, period, but can only be brute-force calculated to result in a potential correct password (which may or may not be the original one, it might also be what's called a "collision", a different string that results in the same hash/checksum).
On the encrypted password, you may be able to reverse the encryption, based on the X.509 key ... once you are able to do that, of course, you could then recreate the digestPassword, though I'm not exactly sure how this would help you ...

In general, at least on *ix mail servers, there usually are master accounts that allow full access to all user mailboxes, which would make it possible to copy all mails from one server to another. Not sure about Exchange, but I would imagine that using a system admin account might also have similar options. If so, that and a tool like imapsync (unix/macosx-based) could be used to synchronize the whole mail database from one server to another.
btan, Exec Consultant
Distinguished Expert 2018
Commented:
Unlikely you can get back the plain password from the digest, and that is the intent: to protect the password from being in the clear when in transit. Even though it uses a weak hash such as MD5, it uses a nonce, which makes the clear password even harder to retrieve. As for the encrypted version, you need the private key of the X.509; you may find this useful:
https://techjourney.net/how-to-decrypt-an-enrypted-ssl-rsa-private-key-pem-key/
btan, Exec Consultant
Distinguished Expert 2018

Commented:
Advice given.
