RE: Values to use for a salt?
From: Fletcher, Stephen J (stephen.fletcher_at_eds.com)
Date: 12/19/03
- Previous message: Michael Wojcik: "RE: Values to use for a salt?"
- Maybe in reply to: Craig Minton: "Values to use for a salt?"
- Next in thread: Brian Hatch: "Re: Values to use for a salt?"
- Reply: Brian Hatch: "Re: Values to use for a salt?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: secprog@securityfocus.com Date: Fri, 19 Dec 2003 17:09:34 +1100
How does an md5 crypt style hash store the salt? ie. the password hashes
that begin with $1$
If you use a large salt such as 32 characters does the entire salt get used
or only a part of it?
-----Original Message-----
From: Brian Hatch [mailto:bri@ifokr.org]
Sent: Friday, 19 December 2003 7:09 AM
To: Scott Cleven-Mulcahy
Cc: secprog@securityfocus.com; marian.ion@e-licitatie.ro
Subject: Re: Values to use for a salt?
> On a related note, earlier someone asked if it was advisable to use the
> user's account name as the salt value. The answer is no. To be
effective,
> the salt value should be kept secret. In essence, what we're talking
about
> are HMACs (hashed method authentication codes). HMACs are only as good as
> the secrecy of the key - and account names are not secret.
Salts should be completely random. Always.
Should salts be secret? Maybe it depends on the system, but if
you take unix password hashing, salts are *NEVER* secret:
$ perl -e 'print crypt( "my pass", "salt" ), "\n"'
saTFlq8BYSMRY
In this case we're using a DES-style hash, with a salt 'salt'.
Salts for this form of crypt are actually only two characters
long, so the salt is really just 'sa'.
Note the first two letters of the resulting hash: 'sa'.
The salt is stored as part of the result.
To check, a password, you'd use this:
# the hashed password, as snagged from /etc/shadow, etc
$hash='saTFlq8BYSMRY';
# the password to try, as snagged from the user
$pass="my pass";
if ( crypt($pass,$hash) eq $hash ) {
print "Yes, they're the same\n"
}
There's no way to verify a password unless you know the salt,
which is always the first two characters of the hashed password
(hense using '$hash' as the second argument to crypt above.)
The salt needs to be stored somewhere, and needs to be available
to the password checking routine. It doesn't necessarily need
to be in the hash result itself, but it needs to be somewhere.
-- Brian Hatch "The secret of our marriage's Systems and success, Londo, is our lack of Security Engineer communication. You've jeopardised http://www.ifokr.org/bri/ that success and I would know why." Every message PGP signed
- Previous message: Michael Wojcik: "RE: Values to use for a salt?"
- Maybe in reply to: Craig Minton: "Values to use for a salt?"
- Next in thread: Brian Hatch: "Re: Values to use for a salt?"
- Reply: Brian Hatch: "Re: Values to use for a salt?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
