Re: Values to use for a salt?
From: Brian Hatch (bri_at_ifokr.org)
Date: 12/19/03
- Previous message: Mark Burnett: "RE: Values to use for a salt?"
- In reply to: Fletcher, Stephen J: "RE: Values to use for a salt?"
- Next in thread: Scott Cleven-Mulcahy: "RE: Values to use for a salt?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 19 Dec 2003 09:35:15 -0800 To: "Fletcher, Stephen J" <stephen.fletcher@eds.com>
> How does an md5 crypt style hash store the salt? ie. the password hashes
> that begin with $1$
> If you use a large salt such as 32 characters does the entire salt get used
> or only a part of it?
DES-based crypt uses a salt that's the first two chars of
the hashed passwd:
UWOluFloQB3BI salt is UW
Other unix crypt methods indicate which kind of hash
is being used between the first set of $ signs, the
salt between the next set, and the resulting hash at
the end.
$1$2vW1uUxa$YKbRhlaRFsXJuEwjwvGEQ1
type is md5 (from the '$1$' part)
Salt is 2vW1uUxa
Resulting hash is YKbRhlaRFsXJuEwjwvGEQ1
-- Brian Hatch I don't speak for Systems and anyone else. I Security Engineer do speak to http://www.ifokr.org/bri/ myself though. Every message PGP signed
- application/pgp-signature attachment: stored
- Previous message: Mark Burnett: "RE: Values to use for a salt?"
- In reply to: Fletcher, Stephen J: "RE: Values to use for a salt?"
- Next in thread: Scott Cleven-Mulcahy: "RE: Values to use for a salt?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
