
Re: Hash salt (was Re: BCRYPT - Why not using it?)



On 04/07/2011 01:20 AM, Aaron Toponce wrote:
> On Wed, Apr 06, 2011 at 11:52:04PM -0500, Ron Johnson wrote:
>> Is the salt just bits that are either pre- or suffixed to your
>> password before being run through the hashing function?
>
> The salt is generally appended to the password. For the specific case of
> passwd(1), I'm not entirely sure, without looking at the source.
>
>> The first 3 characters of every hash in my /etc/shadow are the same.
>> That's what, 24 bits?
>
> That's.... interesting. Each salt is created at random. Combined with the
> password string, it should produce a very unique hash. Because your hashes
> all start with the same 3 characters, then you've been very lucky in the
> output, due to the immense size of the keyspace.


Having the first 3 characters all be "$6$" makes sense based upon the explanation in your other email. I thought that was the salt. Each user's salt is definitely different.

--
"Neither the wisest constitution nor the wisest laws will secure
the liberty and happiness of a people whose manners are universally
corrupt."
Samuel Adams, essay in The Public Advertiser, 1749
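
Added example, not part of the thread: a small Python parser that splits /etc/shadow password fields into scheme id, optional rounds, salt and digest, showing that the shared "$6$" prefix is the scheme marker (SHA-512 crypt) while the salt differs per user. The shadow lines, user names and digests are constructed placeholders, and the function names are hypothetical.

```python
# Added example: split the password field of /etc/shadow entries.
# Layout in modular crypt format: $id$[rounds=N$]salt$digest
SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt"}

# Constructed sample; the digests are placeholders, not real hashes.
SAMPLE_SHADOW = """\
alice:$6$Zk3pQ9xW$CONSTRUCTEDdigestAAAA:15071:0:99999:7:::
bob:$6$h7Lm2RtY$CONSTRUCTEDdigestBBBB:15071:0:99999:7:::
carol:$6$rounds=10000$uV8nB4sD$CONSTRUCTEDdigestCCCC:15071:0:99999:7:::
daemon:*:15071:0:99999:7:::
"""

def parse_crypt_field(field):
    """Split one password field into scheme, rounds, salt and digest."""
    parts = field.split("$")
    # A leading "$" yields an empty first element; anything else is a
    # locked/empty entry ("*", "!") or a legacy hash without a prefix.
    if len(parts) < 4 or parts[0] != "":
        raise ValueError("not in $id$salt$digest form")
    ident, rest = parts[1], parts[2:]
    if ident not in SCHEMES:
        raise ValueError("scheme id not handled here: " + ident)
    rounds = None
    if rest[0].startswith("rounds="):
        rounds = int(rest[0][len("rounds="):])
        rest = rest[1:]
    if len(rest) != 2:
        raise ValueError("malformed salt/digest")
    return {"scheme": SCHEMES[ident], "rounds": rounds,
            "salt": rest[0], "digest": rest[1]}

def summarize(shadow_text):
    """Map user -> parsed field, skipping accounts with no password hash."""
    result = {}
    for line in shadow_text.splitlines():
        try:
            user, field = line.split(":")[:2]
            result[user] = parse_crypt_field(field)
        except ValueError:
            continue  # locked account, blank line, or unhandled scheme
    return result

if __name__ == "__main__":
    for user, info in summarize(SAMPLE_SHADOW).items():
        print(user, info["scheme"], "salt=" + info["salt"])
```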

