LinuxSA Mailing list archives
From: Adam Hawes <adam.hawes@flinders.edu.au>
To: Richard Russell <richard@yellowgoanna.com>
    David Lloyd <dlloyd@microbits.com.au>
    Andrew Galdes <AGaldes@elders.com.au>
Date: Wed, 2 Jul 2003 11:45:29 +0930
Subject: Re: Linux knows too much

> > 1) The salt is generally small as far as computational power goes
>
> As I understand, salt is usually stored with the hash. I forget the
> details, but I have a feeling that the first two characters of your
> password are the salt for the rest... Think about it -- if the salt wasn't
> stored somewhere, how could you use it to recreate the hash?

The salt shouldn't need to be stored with the hash - there are only a small
number of possible salt values (it's usually 2 random characters isn't it?),
and it is not hard or time consuming to try all of them. Admittedly if you
were processing a huge number of logins then it would be a bottleneck, so
that would be why Un*x stores the salt in the password file.
Adam
--
Adam Hawes
Ph.D Student
School of Engineering
Flinders University
ICQ: 2492016
Email: adam.hawes@flinders.edu.au
Mobile: 0402 854 965
http://users.esc.net.au/~ahawes/bcc.html
--
LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on irc.freenode.net
To unsubscribe from the LinuxSA list:
mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
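
The two verification strategies discussed in this message, as an added example that is not part of the original post: it compares the per-login work when the two-character salt is read back from the password entry against the work when the salt is not stored and every possible salt has to be tried. Assumptions: SHA-256 stands in for the DES-based crypt(3) function, the function names are hypothetical, and the sample passwords are constructed.

```python
import hashlib
import itertools
import secrets

# Salt alphabet of traditional crypt(3): 64 characters, two per salt -> 4096 salts.
SALT_CHARS = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def _digest(salt, password):
    # Stand-in (assumption): SHA-256 replaces the DES-based crypt(3) function.
    return hashlib.sha256((salt + password).encode()).hexdigest()[:22]


def make_entry(password, salt=None):
    """Build a password-file field with the salt stored as its first two characters."""
    if salt is None:
        salt = "".join(secrets.choice(SALT_CHARS) for _ in range(2))
    return salt + _digest(salt, password)


def verify_stored_salt(entry, candidate):
    """Read the salt back from the entry: one hash per login attempt."""
    salt, digest = entry[:2], entry[2:]
    return secrets.compare_digest(_digest(salt, candidate), digest), 1


def verify_unstored_salt(digest, candidate):
    """Salt not stored: the verifier has to try every possible salt."""
    tried = 0
    for a, b in itertools.product(SALT_CHARS, repeat=2):
        tried += 1
        if secrets.compare_digest(_digest(a + b, candidate), digest):
            return True, tried
    return False, tried


if __name__ == "__main__":
    entry = make_entry("correct horse", salt="zz")  # constructed sample
    print("stored salt:  ", verify_stored_salt(entry, "correct horse"))
    print("unstored salt:", verify_unstored_salt(entry[2:], "correct horse"))
    print("wrong guess:  ", verify_unstored_salt(entry[2:], "wrong guess"))
```

Each call returns the verdict together with the number of hashes computed, so the login-time cost of each approach can be compared directly; a failed login without a stored salt always pays for all 4096 hashes.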