Date: Sun, 30 Dec 2001 01:38:54 -0500 From: Bill Vermillion <bv@wjv.com> To: security@FreeBSD.ORG Subject: Re: MS5 password salt calculation Message-ID: <20011230013854.A39364@wjv.com> In-Reply-To: <bulk.34219.20011229215845@hub.freebsd.org>; from owner-freebsd-security-digest@FreeBSD.ORG on Sat, Dec 29, 2001 at 09:58:46PM -0800 References: <bulk.34219.20011229215845@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> Date: Sat, 29 Dec 2001 23:00:12 -0600 (CST) > From: Ryan Thompson <ryan@sasknow.com> > Subject: Re: MD5 password salt calculation > Rik wrote to Ryan Thompson: > Hi Rik, > > Salt is just some randomness thrown in so that you can't just make > > a standard dictionary to compare hashed passwords with. All you > > need to do is make the relevant number of random chars. > Right.. I gather it's still the convention to use $1$ to differentiate > between DES/MD5, in the case where both password formats are being > imported. Is $1$ pretty much caught on everywhere? I've seen it in > OpenBSD and NetBSD, probably even Linux, but it's been awhile since I > looked. You can't say that $1$ 'caught on' as that's the way it is defined to indicate what follows. The $1$ indicates the following is an MD5. I was looking for the docs the other day, and from memory if the first characters are $5$, then that indicates that the following string would be blowfish encryption. You should also not that the next $ is the salt separator, and on my system there are typically 8 digits after $1$ and before the next $, for 2trillion+ salts. > End of security-digest V5 #390 > with unsubscribe freebsd-security-digest in the body of the message Bill To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011230013854.A39364>