Re: Values to use for a salt?
From: Casper *** (casper_at_holland.sun.com)
Date: 12/19/03
- Previous message: Brian Hatch: "Re: Values to use for a salt?"
- In reply to: Brian Hatch: "Re: Values to use for a salt?"
- Next in thread: Richard M. Conlan: "Re: Values to use for a salt?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Brian Hatch <bri@ifokr.org> Date: Fri, 19 Dec 2003 20:59:55 +0100
>If you're going to salt, then you need to put the salt at the *END*
>of the password. Otherwise the cracker can precompute the salt in
>the hashing routine, and there's no speed difference between a salted
>password and an unsalted password.
The "SALT" in the traditional Unix crypt(3c) code is not hashed with the
password; it modifies the algorithm used to crypt the password.
But indeed, the commonly used md5 hashes do hasg the salt after
the password.
Casper
- Previous message: Brian Hatch: "Re: Values to use for a salt?"
- In reply to: Brian Hatch: "Re: Values to use for a salt?"
- Next in thread: Richard M. Conlan: "Re: Values to use for a salt?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
