[colug-432] Hash and salt, where does the salt go ?

Tim Randles tim.randles at gmail.com
Mon Jan 6 17:17:02 EST 2014


The salt is the second field ($-delimited) in /etc/shadow.


On Mon, Jan 6, 2014 at 3:08 PM, Tom Hanlon <tom at functionalmedia.com> wrote:

> Colug,
>
> Just catching up on MD5, SHA1 and associated collision issues.
>
> Along the way I came across the Wikipedia article on salt.
>
> http://en.wikipedia.org/wiki/Salt_%28cryptography%29
>
> I thought I understood the add salt and then hash process.
>
> But then I thought again, it has been a long time since I had to talk
> about Bob, Alice and Ted trying to share secrets. So I need a refresher.
>
> If Alice has a password after her cat, fluffy.
>
> And we go to store that password we would hash it.
>
> Before we hash it we add some salt (now I am getting hungry for some
> salted hash).
>
> So fluffy => salt+fluffy => hash => password file
>
> Then when Alice goes to log in she types
>
> fluffy => we add salt => salt+fluffy => hash
>
> if hash == password file then she can access her bank account, if not she
> has to tell us her Mom's maiden name and her high school mascot.
>
> So the question I have is..
> The article describes the salt as randomly generated when the password is
> created.
>
> Where do we store it?
>
> Obviously her newly generated salt has to be kept on the authenticator's
> tool in some fashion.
>
> Did I just ask a question or propose a meeting topic? Or both?
>
> Anyhow..
>
> Where is the salt??
>
> ** Note that although I added some humor (I hope) here and there, I am
> serious. Where is the salt lookup table stored?
>
> --
> Tom
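Added example, not part of the original thread: a Python sketch of the store-then-verify flow from the question, with the salt kept inside the stored record in the `$`-delimited layout the reply describes, so no separate lookup table is needed. The `demo` scheme id, the PBKDF2-SHA256 stand-in (this is not the real crypt(3) algorithm), the round count and the sample shadow line are all assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

ROUNDS = 100_000   # assumed work factor for this demo
SCHEME = "demo"    # hypothetical id; real ids such as 6 select crypt(3) algorithms


def _b64(raw: bytes) -> str:
    # The base64 alphabet has no '$' or ':', so it cannot break either delimiter.
    return base64.b64encode(raw).decode().rstrip("=")


def make_record(password: str, salt: str = "") -> str:
    """Return '$scheme$salt$digest'; a fresh random salt is drawn if none is given."""
    salt = salt or _b64(os.urandom(12))
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), ROUNDS)
    return f"${SCHEME}${salt}${_b64(digest)}"


def split_record(record: str) -> tuple:
    """Split on '$': empty lead, scheme id (first field), salt (second), digest."""
    _, scheme, salt, digest = record.split("$")
    return scheme, salt, digest


def verify(password: str, record: str) -> bool:
    """Re-hash the candidate with the salt read back out of the stored record."""
    _, salt, _ = split_record(record)
    return hmac.compare_digest(make_record(password, salt), record)


def shadow_password_field(line: str) -> str:
    """The password field is the second ':'-separated field of a shadow line."""
    return line.split(":")[1]


if __name__ == "__main__":
    # Constructed sample entry; not taken from any real system.
    line = f"alice:{make_record('fluffy')}:16076:0:99999:7:::"
    record = shadow_password_field(line)
    print(split_record(record))
    print(verify("fluffy", record), verify("Fluffy", record))
```

Two users who pick the same password get different records because each draws its own salt, yet each record still carries everything needed to check a login attempt.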