From: Hans-Albert Schneider <Hans-Albert@HA-Schneider.de>
To: David S Gathright <David.Gathright@lasp.colorado.edu>, gargp@acm.org
Cc: help-gnats@gnu.org
Subject: Re: Trouble using encrypted passwords
Date: Mon, 10 Nov 2003 23:54:00 -0000 [thread overview]
Message-ID: <200311110051.23041.Hans-Albert@HA-Schneider.de> (raw)
In-Reply-To: <1068501368.1169.61.camel@red5>
Am Montag, 10. November 2003 22:56 schrieb David S Gathright:
[...]
> To use DES encryption (instead of MD5 or no encryption), simply
> generate passwords using the standard crypt() function. You can do
> this in either C or perl (and I'm sure, in python, if I knew
> anything about that). Here is a command line quickie:
>
> machine% perl -e 'print crypt("password", "salt" ), "\n"'
>
> On my box, this generates the encrypted string: "sa3tHJ3/KuYvI"
> Now, testing the black magic that is the crypt function, you should
> be able to get the same answer from the crypt function for this key
> using this encrypted string as the "salt" value:
>
> machine% perl -e 'print crypt("password", "sa3tHJ3/KuYvI" ), "\n"'
The salt is just the first two characters of the second argument. And
it is stored as the first two characters of the result (which is
always 13 characters in length, BTW). So using the encoded password
as the salt always works.
Actually, these characters are a base-64-representation (but not
base64 in the MIME sense) of a hash of the password. So the salt is
really a 12 bit value.
Concerning your "more paranoid version": I do not know what perl does
if the second argument to the crypt() function is not a string. It
may be that it takes the decimal representation of the number. This
would mean that you only will use 90 possible salts (namely,
[1-9][0-9]).
Hans-Albert
--
Hans-Albert Schneider
Munich, Germany
EMail: Hans-Albert@HA-Schneider.de
_______________________________________________
Help-gnats mailing list
Help-gnats@gnu.org
http://mail.gnu.org/mailman/listinfo/help-gnats
prev parent reply other threads:[~2003-11-10 23:54 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-11-10 18:33 David S Gathright
2003-11-10 18:48 ` Pankaj K Garg
2003-11-10 19:09 ` David S Gathright
2003-11-10 19:58 ` Pankaj K Garg
2003-11-10 22:20 ` David S Gathright
2003-11-10 23:54 ` Hans-Albert Schneider [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200311110051.23041.Hans-Albert@HA-Schneider.de \
--to=hans-albert@ha-schneider.de \
--cc=David.Gathright@lasp.colorado.edu \
--cc=gargp@acm.org \
--cc=help-gnats@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).