Passwd Encryption (Re: Linux security)
On Tue, 18 Aug 1998, Steve Lamb wrote:
> On Tue, 18 Aug 1998 23:27:40 -0500 (CDT), Nathan E Norman wrote:
>
> >No. The first two characters of the "Encrypted password" field are the
> >"salt"; the plaintext password collected from login or wherever is
> >crypted using that salt, and the result compared to the entire field.
>
> Hrm, guess things have changed since the other nutshell book was printed.
> :/
>
>
An extract from the crypt(3) man page:
crypt is the password encryption function. It is based on
the Data Encryption Standard algorithm with variations
intended (among other things) to discourage use of hardware
implementations of a key search.

key is a user's typed password.

salt is a two-character string chosen from the set
[a-zA-Z0-9./]. This string is used to perturb the algorithm
in one of 4096 different ways.

By taking the lowest 7 bit of each character of the key, a
56-bit key is obtained. This 56-bit key is used to
encrypt repeatedly a constant string (usually a string
consisting of all zeros). The returned value points to
the encrypted password, a series of 13 printable ASCII
characters (the first two characters represent the salt
itself). The return value points to static data whose
content is overwritten by each call.
Chris
-------------------------------------------------------------------
Debian GNU/Linux.... Ooohh You are missing out!
-------------------------------------------------------------------
Reply with subject 'key' for PGP public key. KeyID A9E087D5
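Added example (not part of the original message or the man page): a C sketch of what the extract above implies for a stored field, splitting off the two-character salt and deriving the 56-bit key from a typed password. The function names, the sample field and the salt index ordering are assumptions made for illustration, and the code does not call crypt(3) or compute a DES hash. Since 56 bits at 7 bits per character covers only eight characters, anything typed after the eighth character does not affect the key.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Salt/hash alphabet from the man page: [a-zA-Z0-9./], 64 symbols. */
static const char ALPHABET[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

static int sym_index(char c) {
    const char *p = c ? strchr(ALPHABET, c) : NULL;
    return p ? (int)(p - ALPHABET) : -1;
}

/* Validate a traditional 13-character field and copy out its 2-character salt.
 * Returns an index in 0..4095 identifying the salt (ordering chosen here for
 * illustration), or -1 if the field is not in this format. */
int split_des_field(const char *field, char salt[3]) {
    if (strlen(field) != 13) return -1;
    for (int i = 0; i < 13; i++)
        if (sym_index(field[i]) < 0) return -1;
    memcpy(salt, field, 2);
    salt[2] = '\0';
    return sym_index(field[0]) + 64 * sym_index(field[1]);
}

/* Pack the lowest 7 bits of each of the first 8 characters into 56 bits.
 * Shorter passwords are zero-padded; anything past 8 characters is ignored. */
uint64_t des_key56(const char *pw) {
    uint64_t key = 0;
    size_t n = strlen(pw);
    for (size_t i = 0; i < 8; i++) {
        unsigned char c = i < n ? (unsigned char)pw[i] : 0;
        key = (key << 7) | (uint64_t)(c & 0x7f);
    }
    return key;
}

int main(void) {
    char salt[3];
    const char *field = "ab0123456789A"; /* constructed sample, not a real hash */
    int idx = split_des_field(field, salt);
    printf("salt=%s index=%d of 4096\n", salt, idx);
    /* Two different passwords that a 56-bit key cannot tell apart. */
    printf("same key: %d\n", des_key56("password1") == des_key56("password2"));
    return 0;
}
```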