Date: Sat, 05 Dec 1998 20:54:21 -0500 From: Geoffrey Robinson <geoffr@globalserve.net> To: questions@FreeBSD.ORG Subject: Crypt and Salt Message-ID: <3669E3CD.A2FCC31@globalserve.net>
next in thread | raw e-mail | index | archive | help
Hi. I'm working on a project that requires passwords and decided the UNIX style of encrypting them was the best way to go. No problems getting crypt() to work but I'm confused about the use of salt. I can see that using different strings for salt causes crypt() to return different encrypted strings for the same key. This isn't a problem if I hard code the salt string into my programs so that it encrypts the same way each time but I can see from other programs like htpasswd.c and adduser that the salt string is generated randomly. If keys are encrypted using random salt strings how do authentication programs determine the original salt string used to encrypt a password in the password file before encrypting a password entered during login for comparison? What is the purpose of salt other than just making crypt() more random? Thanks -- Geoffrey Robinson geoffr@globalserve.net Oakville, Ontario, Canada. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3669E3CD.A2FCC31>