
Passwd Encryption (Re: Linux security)



On Tue, 18 Aug 1998, Steve Lamb wrote:

> On Tue, 18 Aug 1998 23:27:40 -0500 (CDT), Nathan E Norman wrote:
> 
> >No.  The first two characters of the "Encrypted password" field are the
> >"salt"; the plaintext password collected from login or wherever is
> >crypted using that salt, and the result compared to the entire field.
> 
>     Hrm, guess things have changed since the other nutshell book was printed.
>  :/
> 
> 


An extract from the crypt(3) man page:


       crypt is the password encryption function.  It is based on
       the Data Encryption  Standard  algorithm  with  variations
       intended  (among  other things) to discourage use of hardware
       implementations of a key search.

       key is a user's typed password.

       salt  is  a  two-character  string  chosen  from  the  set
       [a-zA-Z0-9./].   This  string is used to perturb the algorithm
       in one of 4096 different ways.

       By taking the lowest 7 bit of each character of the key, a
       56-bit  key  is  obtained.   This  56-bit  key  is used to
       encrypt repeatedly a constant  string  (usually  a  string
       consisting  of  all  zeros).  The returned value points to
       the encrypted password, a series  of  13  printable  ASCII
       characters  (the  first  two characters represent the salt
       itself).  The return value points  to  static  data  whose
       content is overwritten by each call.




Chris




-------------------------------------------------------------------
          Debian GNU/Linux....  Ooohh You are missing out!
-------------------------------------------------------------------
Reply with subject 'key' for PGP public key.  KeyID A9E087D5
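
An added example, not part of the original message: a C sketch for auditing password fields against the format the man page extract describes. It recognises a traditional 13-character entry, decodes its two salt characters to one of the 4096 values, and shows which passwords collapse to the same 56-bit key (56 / 7 = 8 characters, low 7 bits each). The function names are hypothetical, the sample fields are constructed, and the salt bit order (first character holds the low 6 bits) is an assumption taken from common crypt implementations rather than from the extract.

```c
#include <stdio.h>
#include <string.h>

/* crypt(3) salt/hash alphabet in value order: '.'=0, '/'=1, 0-9, A-Z, a-z */
static const char B64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Return the 12-bit salt (0..4095) if `field` looks like a traditional
 * DES crypt entry (13 chars from the alphabet), otherwise -1. */
int legacy_salt(const char *field)
{
    if (strlen(field) != 13 || strspn(field, B64) != 13)
        return -1;
    int lo = (int)(strchr(B64, field[0]) - B64);
    int hi = (int)(strchr(B64, field[1]) - B64);
    return lo | (hi << 6);   /* assumed order: first salt char = low 6 bits */
}

/* Key material as the man page describes it: the low 7 bits of each of
 * the first 8 characters (8 * 7 = 56 bits), zero-padded if shorter. */
void des_key_material(const char *pw, unsigned char out[8])
{
    size_t n = strlen(pw);
    for (size_t i = 0; i < 8; i++)
        out[i] = i < n ? (unsigned char)(pw[i] & 0x7f) : 0;
}

/* 1 if both passwords produce the same 56-bit key, so they would hash
 * identically under any given salt. */
int same_des_key(const char *a, const char *b)
{
    unsigned char ka[8], kb[8];
    des_key_material(a, ka);
    des_key_material(b, kb);
    return memcmp(ka, kb, 8) == 0;
}

int main(void)
{
    /* Constructed sample fields, not real hashes. */
    const char *fields[] = { "ab01FAX.bQRSU", "$1$constructed$notarealhash", "x" };
    for (size_t i = 0; i < 3; i++)
        printf("%-30s salt=%d\n", fields[i], legacy_salt(fields[i]));
    printf("long vs truncated: %d\n", same_des_key("correcthorse", "correcthBATTERY"));
    return 0;
}
```

A field that returns a salt here is a candidate for migration to a modern hash scheme, since everything past the eighth character and the high bit of each character never reach the key.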

