If they store the passwords locally they seem to use "the strongly secure SHA format"
![[Image: add_user.png]](https://manuals.gfi.com/en/kerio/connect/content/assets/add_user.png)
https://manuals.gfi.com/en/kerio/connect...ritypolicy
They don't specify how they mangle/salt/alter the hash. They can do this in an infinte amount of ways, so it will be difficult to guess how they do it based only on 3 users with the same password.
They also seems to offer database wide encryption: https://manuals.gfi.com/en/kerio/connect...Encrypting
It is unclear how they make this encryption. But your string start with D3S, this might refer to Triple DES or just DES.
I tried to download the application and look if decompilation is an option (if it was a .net or Java application), but I get the error "Error 28103" when installing. But I think you need more information than 3 accounts with the same passwords.
https://manuals.gfi.com/en/kerio/connect...ritypolicy
They don't specify how they mangle/salt/alter the hash. They can do this in an infinte amount of ways, so it will be difficult to guess how they do it based only on 3 users with the same password.
They also seems to offer database wide encryption: https://manuals.gfi.com/en/kerio/connect...Encrypting
It is unclear how they make this encryption. But your string start with D3S, this might refer to Triple DES or just DES.
I tried to download the application and look if decompilation is an option (if it was a .net or Java application), but I get the error "Error 28103" when installing. But I think you need more information than 3 accounts with the same passwords.