Date: Sat, 29 Dec 2001 13:49:46 -0600 (CST) From: Ryan Thompson <ryan@sasknow.com> To: <freebsd-security@freebsd.org> Subject: MD5 password salt calculation Message-ID: <20011229133456.J99302-100000@catalyst.sasknow.net>
next in thread | raw e-mail | index | archive | help
Hey everybody, Is there an accepted/standard method of calculating the crypt() salt for *new* passwords with MD5? I'm looking at usr.bin/passwd/local_passwd.c, and usr.sbin/pw/pw_user.c, and see two apparently different approaches. Further, I see that the algorithm in -STABLE has changed since 3.x, and maybe it's even changed again in -CURRENT. What I'm looking for is a _portable_ MD5 algorithm that I can build in to a new application. It is likely that sysadmins will want to import their old MD5 and possibly DES passwords, and it is entirely possible they will want to EXPORT passwords from my application back to their own passwd database, so I need to retain compatibility. I suppose the initial salt can be calculated differently, and still work, but I'd still like to get it right. So, before I go hacking, hopefully someone can give me a clue to where I can look to calculate a new MD5 salt. Thanks! - Ryan -- Ryan Thompson <ryan@sasknow.com> Network Administrator, Accounts SaskNow Technologies - http://www.sasknow.com #106-380 3120 8th St E - Saskatoon, SK - S7H 0W2 Tel: 306-664-3600 Fax: 306-664-1161 Saskatoon Toll-Free: 877-727-5669 (877-SASKNOW) North America To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011229133456.J99302-100000>