[colug-432] Hash and salt, where does the salt go ?
Tim Randles
tim.randles at gmail.com
Mon Jan 6 17:19:41 EST 2014
Sorry, that was suitably vague. Example:
root:$1$12192013$blahblahblahblahblahbl:.....
username:$<hash algo, 1 is MD5>$<salt>$<hashed password>:.....
On Mon, Jan 6, 2014 at 3:17 PM, Tim Randles <tim.randles at gmail.com> wrote:
> The salt is the second field ($-delimited) in /etc/shadow.
>
>
> On Mon, Jan 6, 2014 at 3:08 PM, Tom Hanlon <tom at functionalmedia.com>wrote:
>
>> Colug,
>>
>> Just catching up on MD5 SHA1 and associated collision issues.
>>
>> Along the way I came across the wikipedia article on salt.
>>
>> http://en.wikipedia.org/wiki/Salt_%28cryptography%29
>>
>> I thought I understood the add salt and then hash process.
>>
>> But then I thought again, it has been a long time since I had to talk
>> about Bob alice and Ted trying to share secrets. So I need a refresher.
>>
>> If Alice has a password after her cat, fluffy.
>>
>> And we go to store that password we would hash it.
>>
>> Before we hash it we add some salt ( now I am getting hungry for some
>> salted hash)
>>
>> So fluffy = > salt+fluffy =>hash => password file
>>
>> Then when alice goes to login she types
>>
>> fluffy => we add salt => salt+fluffy => hash
>>
>> if hash == password file then she can access her bank account, if not she
>> has to tall use her Mom's maiden name and her high school mascot.
>>
>> So the question I have is..
>> The article describes the salt as randomly generated when the password is
>> created.
>>
>> Where do we store it ?
>>
>> Obviously her newly generated Salt has to be kept on the authenticator's
>> tool in some fashion.
>>
>> Did I just ask a question or propose a meeting topic ? Or both ?
>>
>> Anyhow..
>>
>> where is the salt ??
>>
>> ** note that although I added some humor (I hope) here and there, I am
>> serious. Where is the salt lookup table stored ?
>>
>> --
>> Tom
>>
>> _______________________________________________
>> colug-432 mailing list
>> colug-432 at colug.net
>> http://lists.colug.net/mailman/listinfo/colug-432
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.colug.net/pipermail/colug-432/attachments/20140106/70275c31/attachment.html
More information about the colug-432
mailing list