Re: MD5 password salt calculation

From: Rik (freebsd-security@rikrose.net)
Date: 12/30/01


Date: Sun, 30 Dec 2001 04:30:20 +0000
From: Rik <freebsd-security@rikrose.net>
To: Ryan Thompson <ryan@sasknow.com>

On Sat, Dec 29, 2001 at 01:49:46PM -0600, Ryan Thompson wrote:
> So, before I go hacking, hopefully someone can give me a clue to where
> I can look to calculate a new MD5 salt.

Salt is just some randomness thrown in so that you can't just make a
standard dictionary to compare hashed passwords with. All you need to do
is make the relevant number of random chars. Personally, I just run the
current time as a string (from strftime(3)) through the hash, and take
the first couple of chars as an index into an array of allowable chars
(modulo the size of the array, obviously).

I'm sure someone on this list will tell us if that's a completely stupid
way of generating salt...

-- 
PGP Key: D2729A3F - Keyserver: wwwkeys.uk.pgp.net - rich at rdrose dot org
Key fingerprint = 5EB1 4C63 9FAD D87B 854C  3DED 1408 ED77 D272 9A3F
Public key also encoded with outguess on http://rikrose.net
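As an added example (not Rik's code), here is a C sketch of the salt generation for the modular MD5 crypt(3) format, drawing the randomness from /dev/urandom rather than the clock; the function names are ours, and the 8-character length is that of the "$1$" scheme.

```c
/* Added example (not from the list post): build a crypt(3) MD5 "$1$" salt. */
#include <stdio.h>
#include <string.h>

/* The 64 characters crypt(3) accepts in a salt string. */
static const char SALT_ALPHABET[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

#define MD5_SALT_LEN 8   /* the modular MD5 scheme uses up to 8 salt chars */

/* Map n random bytes to n salt chars. With exactly 64 symbols, the low 6 bits
 * of each byte select uniformly; "% size" is biased for non-power-of-2 sizes. */
void salt_chars_from_bytes(const unsigned char *rnd, size_t n, char *out)
{
    for (size_t i = 0; i < n; i++)
        out[i] = SALT_ALPHABET[rnd[i] & 0x3f];
    out[n] = '\0';
}

/* Build the "$1$<salt>$" setting string crypt(3) takes; NULL if out is too small. */
char *format_md5_setting(const char *salt, char *out, size_t outlen)
{
    if (outlen < 3 + MD5_SALT_LEN + 2) return NULL;
    snprintf(out, outlen, "$1$%.*s$", MD5_SALT_LEN, salt);
    return out;
}

/* Fill salt (MD5_SALT_LEN + 1 bytes) from /dev/urandom, not the clock, so it is
 * unpredictable. Returns 0 on success, -1 if the device cannot be read. */
int make_md5_salt(char *salt)
{
    unsigned char rnd[MD5_SALT_LEN];
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(rnd, 1, sizeof rnd, f);
    fclose(f);
    if (got != sizeof rnd) return -1;
    salt_chars_from_bytes(rnd, sizeof rnd, salt);
    return 0;
}

int main(void)
{
    char salt[MD5_SALT_LEN + 1], setting[3 + MD5_SALT_LEN + 2];
    if (make_md5_salt(salt) != 0) return 1;
    printf("%s\n", format_md5_setting(salt, setting, sizeof setting));
    return 0;
}
```

The resulting setting string is what you pass as the second argument to crypt(3); the output's leading "$1$<salt>$" is then stored alongside the hash so the same salt is reused on verification.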

