[lug] salt for md5 passwords?
rm at fabula.de
rm at fabula.de
Fri Oct 12 04:43:39 MDT 2001
On Thu, Oct 11, 2001 at 03:24:03PM -0500, charles at lunarmedia.net wrote:
> can someone tell me what salt is used for md5 passwords? i think i've been
> trying using the typical salt for standard crypt passwords,
> substr(password, 0, 2);
> which does not seem to be working.
Hmm, MD5 passwords don't use a salt value at all. If you talk
about the crypt(3) implementation: if you give crypt(3) the
'magic' value of '$1$' as a salt (which is an invalid salt
for traditional crypt since it's three chars long) than it'll
use the MD5 algorithm. If you use shadow passwords you'll see
'$1$' in front of the MD5 password entries. If you try to check
a given password angainst an encypted entry you need to test for
the existance of '$1$' in front of the password. Actually, if your
implementation of crypt(3) isn't broken you just need to check the
first char of the encrypted password - if it's '$' then you need
to use MD5 ('$' isn't a valid crypt salt, only [a-zA-Z0-9./] can
be used).
Hope this helps
Ralf Mattes
> thanks -charles
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
More information about the LUG
mailing list