Date: Sat, 5 Dec 1998 19:12:39 -0800 (PST) From: Dan Busarow <dan@dpcsys.com> To: Geoffrey Robinson <geoffr@globalserve.net> Cc: questions@FreeBSD.ORG Subject: Re: Crypt and Salt Message-ID: <Pine.BSF.3.96.981205191134.10119A-100000@java.dpcsys.com> In-Reply-To: <3669E3CD.A2FCC31@globalserve.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 5 Dec 1998, Geoffrey Robinson wrote: > I'm working on a project that requires passwords and decided the UNIX style > of encrypting them was the best way to go. No problems getting crypt() to > work but I'm confused about the use of salt. I can see that using different > strings for salt causes crypt() to return different encrypted strings for > the same key. This isn't a problem if I hard code the salt string into my > programs so that it encrypts the same way each time but I can see from > other programs like htpasswd.c and adduser that the salt string is > generated randomly. If keys are encrypted using random salt strings how do > authentication programs determine the original salt string used to encrypt > a password in the password file before encrypting a password entered during > login for comparison? What is the purpose of salt other than just making > crypt() more random? The first two characters of the encrypted string are the salt. Dan -- Dan Busarow 949 443 4172 Dana Point Communications, Inc. dan@dpcsys.com Dana Point, California 83 09 EF 59 E0 11 89 B4 8D 09 DB FD E1 DD 0C 82 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.981205191134.10119A-100000>