From owner-freebsd-security Sat Dec 29 22:38:58 2001
Date: Sun, 30 Dec 2001 01:38:54 -0500
From: Bill Vermillion
To: security@FreeBSD.ORG
Subject: Re: MS5 password salt calculation
Message-ID: <20011230013854.A39364@wjv.com>
Reply-To: bv@wjv.com
Organization: W.J.Vermillion / Orlando - Winter Park

> Date: Sat, 29 Dec 2001 23:00:12 -0600 (CST)
> From: Ryan Thompson
> Subject: Re: MD5 password salt calculation

> Rik wrote to Ryan Thompson:

> Hi Rik,

> > Salt is just some randomness thrown in so that you can't just make
> > a standard dictionary to compare hashed passwords with. All you
> > need to do is make the relevant number of random chars.

> Right.. I gather it's still the convention to use $1$ to differentiate
> between DES/MD5, in the case where both password formats are being
> imported. Is $1$ pretty much caught on everywhere? I've seen it in
> OpenBSD and NetBSD, probably even Linux, but it's been a while since I
> looked.

You can't say that $1$ 'caught on' as that's the way it is defined
to indicate what follows. The $1$ indicates the following is an MD5.

I was looking for the docs the other day, and from memory if the
first characters are $5$, then that indicates that the following
string would be blowfish encryption. You should also note that the
next $ is the salt separator, and on my system there are typically
8 digits after $1$ and before the next $, for 2 trillion+ salts.

Bill
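
The import case raised in the thread (DES and MD5 entries arriving in the same password file) comes down to classifying each hash field by its prefix and pulling out the salt. The following is an added example, not part of the original message: the function names are hypothetical, the 13-character DES layout and the 22-character MD5 hash text are standard crypt(3) facts not stated in the thread, and any other $id$ prefix is reported by its id without interpretation.

```python
import re
import secrets

# crypt(3) salt/hash alphabet: 64 symbols.
CRYPT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
_B64 = r"[./0-9A-Za-z]"

# $1$ + up to 8 salt characters + $ separator + 22 characters of hash text.
MD5_RE = re.compile(rf"^\$1\$({_B64}{{0,8}})\$({_B64}{{22}})$")
# Traditional DES crypt: no prefix, 2 salt characters + 11 hash characters.
DES_RE = re.compile(rf"^({_B64}{{2}}){_B64}{{11}}$")
# Any other $id$ prefix; the layout after it depends on the scheme.
OTHER_RE = re.compile(r"^\$([^$]+)\$")


def classify(field):
    """Return (scheme, salt) for one password-hash field."""
    if field == "":
        return ("empty", None)
    if field[0] in "*!":          # entry that can never match a password
        return ("locked", None)
    m = MD5_RE.match(field)
    if m:
        return ("md5", m.group(1))
    m = DES_RE.match(field)
    if m:
        return ("des", m.group(1))
    m = OTHER_RE.match(field)
    if m and m.group(1) != "1":   # a malformed $1$ entry is invalid, not "other"
        return ("other:" + m.group(1), None)
    return ("invalid", None)


def new_md5_salt(length=8):
    """Random salt for a new $1$ entry, drawn from the OS CSPRNG."""
    if not 1 <= length <= 8:
        raise ValueError("MD5 crypt salts are 1 to 8 characters")
    return "".join(secrets.choice(CRYPT_ALPHABET) for _ in range(length))


# Constructed sample fields (not real password hashes).
SAMPLES = ["$1$Xy3./q9Z$" + "A" * 22, "ab0123456789A", "$zz$salt$hash", "*"]

if __name__ == "__main__":
    for f in SAMPLES:
        print(f, "->", classify(f))
    print("new salt:", new_md5_salt())
```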