* alex medvedev wrote on Tue, Aug 15, 2000 at 12:09 -0500:
> Hello,
> where does the "salt value" come from in the crypt() function?

crypt makes an encrypted string from another string. If you didn't have a salt value, you could crypt() a whole dictionary, and then you could just compare your crypted strings with the strings from the passwd/shadow file, and you would get passwords that are in the dictionary very fast, and you would see whenever passwords are equal or empty.

So a random salt value is chosen and stored with the encrypted string. IIRC there are 4096 possibilities for the salt, so it's more difficult to make a dictionary attack, since you cannot crypt() the whole dictionary (or if you do, you get 4096 strings for each word to compare!).

Second, the crypted string is a different one if you change your password to the same cleartext value (since both would use a different salt).

oki,

Steffen

--
This letter was generated by machine and therefore bears neither signature nor seal.
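
The salting scheme described in the reply above, as an added example that is not part of the original message. It assumes SHA-256 as a stand-in for the DES-based crypt() function, and `toy_crypt`, `set_password`, `check_password` and `precomputed_table_size` are hypothetical names chosen for illustration.

```python
import hashlib
import secrets

# The 64-character alphabet used for traditional crypt() salts; two
# characters give 64 * 64 = 4096 possible salts, the figure in the reply.
SALT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
SALT_COUNT = len(SALT_ALPHABET) ** 2


def toy_crypt(password: str, salt: str) -> str:
    """Stand-in for crypt() (assumption: SHA-256 replaces the DES-based
    function). As with crypt(), the salt is stored as a prefix."""
    digest = hashlib.sha256((salt + password).encode()).hexdigest()[:16]
    return salt + digest


def new_salt() -> str:
    # A fresh random two-character salt for every password change.
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(2))


def set_password(password: str) -> str:
    return toy_crypt(password, new_salt())


def check_password(password: str, stored: str) -> bool:
    # The salt is read back from the stored string; it is not a secret.
    return secrets.compare_digest(toy_crypt(password, stored[:2]), stored)


def precomputed_table_size(dictionary_words: int, salted: bool) -> int:
    """Entries needed to hash every dictionary word in advance."""
    return dictionary_words * (SALT_COUNT if salted else 1)


if __name__ == "__main__":
    # Constructed sample: two accounts that chose the same password.
    unsalted = [toy_crypt("sunshine", ""), toy_crypt("sunshine", "")]
    salted = [toy_crypt("sunshine", "ab"), toy_crypt("sunshine", "Xy")]
    print("unsalted entries equal:", unsalted[0] == unsalted[1])
    print("salted entries equal:  ", salted[0] == salted[1])
    print("login verifies:", check_password("sunshine", set_password("sunshine")))
    print("table entries for 50000 words:",
          precomputed_table_size(50000, False), "unsalted vs",
          precomputed_table_size(50000, True), "salted")
```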