Mailinglist Archive: opensuse-security (601 mails)

Re: [suse-security] crypt()
  • From: Steffen Dettmer <steffen@xxxxxxx>
  • Date: Wed, 16 Aug 2000 10:45:24 +0200
  • Message-id: <20000816104524.C3432@xxxxxxxxx>
* alex medvedev wrote on Tue, Aug 15, 2000 at 12:09 -0500:
> hallo,
>
> where does the "salt value" come from in the crypt() function?

crypt makes an encrypted string from another string. If you didn't
have a salt value, you could crypt() a whole dictionary, and then you
could just compare your crypted strings with the strings from the
passwd/shadow file, and you would get passwords that are in the
dictionary very fast, and you would see whether passwords are
equal or empty.

So a random salt value is chosen and stored with the encrypted
string. IIRC there are 4096 possibilities for the salt, so it's
more difficult to make a dictionary attack, since you cannot
crypt() the whole dictionary (or if you do, you get 4096 strings
for each word to compare!). Second, the crypted string is a
different one if you change your password to the same cleartext
value (since both would use a different salt).

oki,

Steffen

--
This letter was produced by machine and therefore bears neither signature nor seal.
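The salting scheme Steffen describes, as an added illustration that is not part of the original mail or of any crypt(3) implementation. The hash function used is SHA-256 from Python's hashlib, an assumed stand-in for the DES-based algorithm of the classic crypt(); what it keeps from the crypt() convention is the 2-character salt drawn from the 64-character alphabet `[a-zA-Z0-9./]` (64 * 64 = 4096 possible salts, the number given above), stored in front of the hash so verification can read it back. The function names are my own.

```python
"""Why a crypt()-style password store carries a per-password salt.

Not code from the original message. SHA-256 stands in for the DES-based
crypt(3) algorithm (an assumption); the 2-character salt alphabet and the
"salt followed by hash" storage layout follow the traditional crypt()
convention discussed in the thread.
"""
import hashlib
import hmac
import secrets
from typing import Optional

# The 64 characters crypt() accepts in a salt: ./ 0-9 A-Z a-z
SALT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
SALT_LEN = 2


def salt_space_size() -> int:
    """Number of distinct salts: 64 ** 2 == 4096."""
    return len(SALT_ALPHABET) ** SALT_LEN


def new_salt() -> str:
    """Draw a fresh random salt with a CSPRNG, one per stored password."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(SALT_LEN))


def hash_password(password: str, salt: Optional[str] = None) -> str:
    """Return the stored form: the salt followed by the salted hash.

    The salt is not secret; it only has to differ between entries so that
    one precomputed table cannot be compared against every account.
    """
    if salt is None:
        salt = new_salt()
    if len(salt) != SALT_LEN or any(c not in SALT_ALPHABET for c in salt):
        raise ValueError("salt must be %d chars from the crypt alphabet" % SALT_LEN)
    digest = hashlib.sha256((salt + password).encode("utf-8")).hexdigest()
    return salt + digest


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the salt stored in the entry and compare in constant time."""
    salt = stored[:SALT_LEN]
    candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def precomputed_table_entries(dictionary_words: int) -> int:
    """Entries a precomputed table needs to cover every salt for every word."""
    return dictionary_words * salt_space_size()


if __name__ == "__main__":
    # Constructed sample: the same cleartext stored twice yields two
    # different entries, so equal passwords cannot be spotted by inspection.
    first = hash_password("correct horse")
    second = hash_password("correct horse")
    print(first)
    print(second)
    print("verify ok:", verify_password("correct horse", first))
    print("verify wrong:", verify_password("wrong password", first))
    print("table entries for 10,000 words:", precomputed_table_entries(10_000))
```

Only the storage layout and the 4096-salt space are taken from the thread; a modern system would use a dedicated password hash (bcrypt, scrypt, Argon2) with a much longer salt, but the reason for the salt is exactly the one given in the mail.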
