Date: Sun, 30 Dec 2001 04:30:20 +0000 From: Rik <freebsd-security@rikrose.net> To: Ryan Thompson <ryan@sasknow.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: MD5 password salt calculation Message-ID: <20011230043020.A9927@spoon.pkl.net> In-Reply-To: <20011229133456.J99302-100000@catalyst.sasknow.net>; from ryan@sasknow.com on Sat, Dec 29, 2001 at 01:49:46PM -0600 References: <20011229133456.J99302-100000@catalyst.sasknow.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Dec 29, 2001 at 01:49:46PM -0600, Ryan Thompson wrote: > So, before I go hacking, hopefully someone can give me a clue to where > I can look to calculate a new MD5 salt. Salt is just some randomness thrown in so that you can't just make a standard dictionary to compare hashed passwords with. All you need to do is make the relevant number of random chars. Personally, I just run the current time as a string (from strftime(3)) through the hash, and take the first couple of chars as an index into an array of allowable chars (modulo the size of the array, obviously). I'm sure someone on this list will tell us if that's a completely stupid way of generating salt... -- PGP Key: D2729A3F - Keyserver: wwwkeys.uk.pgp.net - rich at rdrose dot org Key fingerprint = 5EB1 4C63 9FAD D87B 854C 3DED 1408 ED77 D272 9A3F Public key also encoded with outguess on http://rikrose.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011230043020.A9927>