[lug] [OT] sha1 algorithm, no salt?
Alan Robertson
alanr at unix.sh
Tue Sep 10 06:13:21 MDT 2002
D. Stimits wrote:
> Rob Judd wrote:
>
>
> Yes, it makes sense. What triggers the question is that the glibc
> version of crypt() will use MD5 instead of DES if you supply a salt
> starting with "$1$", but it still seems to use the remaining part as a
> salt. Strangely, I could not find any real reference to salts in rfc's,
> though I've looked most closely at SHA1. My guess is that the only
> reason a salt is available for the MD5 version of crypt() is for some
> weird backwards compatibility, and possibly so that the same password
> would not be obviously the same on multiple systems if they were all
> viewed (they would appear to hash differently unless the salts were also
> the same...a salt would add some difference between machines if the pass
> itself were invariant...perhaps a minor advantage).
This last piece is *exactly* why it does it. That's why it did it in the
first place with its original algorithm.
-- Alan Robertson
alanr at unix.sh
More information about the LUG
mailing list