Date: Thu, 24 Aug 2000 21:32:31 -0600 From: Chris Fedde <chris@fedde.littleton.co.us> To: D M P <dmp@aracnet.com> Cc: "Andresen,Jason R." <jandrese@mitre.org>, freebsd-questions@FreeBSD.ORG Subject: Re: More questions about passwords [Was: Re: Encrypting a password for insertion using chpass(1)?] Message-ID: <200008250332.e7P3WVv18864@fedde.littleton.co.us> In-Reply-To: <39A4F193.9BE6005E@aracnet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 24 Aug 2000 02:57:39 -0700 D M P wrote:
+------------------
| Ahh... good. I'm not very clear on the size of the salt value though.
| In perl, how many bits does the salt value have to be? Above I just
| assumed it was 64-bits, based on the password file having eight
| characters of salt, but crypt(3) says those characters are just 6
| bits long, and my perl book says its crypt() uses a salt of just 2
| characters.
+------------------
My quick (non scientific) testing indicates that it is 16 bytes when
called as I origionaly proposed.
perl -le 'print crypt("bazkel", "bazkel")'
baSsanFIV6sE6
perl -le 'print crypt("bazkel", "frombits")'
frjbosw8S4HXc
perl -le 'print crypt("mab4fo2", "frombits")'
frvpi82p0N0R2
This is consistant with the historical form of the unix password
field.
+------------------
| > By the way, one thing that is important is to get a truely random salt
| > value, since pseudorandom salt values are easier to crack. This is not
| > easy on a computer, rand() and even random() are not up to the task, and
| > the Camel book's suggestion is terrible (they use the first few bytes of
| > ps output piped to gzip, which is always the gzip magic number!).
| > Generally people try something like two random bytes in the current
| > system time munged with ps output compressed with gzip.
|
| Anyone know where I can get a geiger counter and some Cesium-137? ;)
+------------------
Take a look at /dev/urandom. It's designed to be reasonably good
for most needs for random data. And given that 8 character passwords
are not all that strong anyway this should be fine for the purposes
of the OP.
chris
--
Chris Fedde
303 773 9134
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200008250332.e7P3WVv18864>