hallo,
where does the "salt value" come from in the crypt() function? i guess i am looking for an answer for how it is "chosen from the set [a-zA-Z0-9./]". i noticed that the salt value is always the first two chars in the encrypted passwd string, but where does it come from?
thanks,
-alexm
Hi Alex, The salt as used with crypt(3) does not come from the crypt(3) function itself. An application using crypt(3) must provide these two characters (the string). passwd(1) uses values taken from gettimeofday(2), getpid(2) and clock(3), and transforms them to the set of characters expected by crypt(3). Basically, the randomness of these characters is fairly bad, but being a good random number isn't really the purpose of the salt string. In the rare case of two users using the same password, the different salt used with crypt(3) makes the encrypted passwords look different. Regards, Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -