<div dir="ltr"><div><div><div><div><div><div>Tim, <br><br></div>Thanks<br><br>The vague answer was good enough, but thanks for being thorough. <br><br></div>So the app stores the salt in a safe place, more or less to summarize? <br>
<br></div>And in the case of /etc/shadow it is stored there. <br><br></div>In the case of me building an app from scratch, I generate a random salt and store.<br><br></div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Mon, Jan 6, 2014 at 5:19 PM, Tim Randles <span dir="ltr"><<a href="mailto:tim.randles@gmail.com" target="_blank">tim.randles@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Sorry, that was suitably vague. Example:<div><br></div><div>root:$1$12192013$blahblahblahblahblahbl:.....<br></div><div><br></div><div>username:$<hash algo, 1 is MD5>$<salt>$<hashed password>:.....</div>
<div><div class="h5">
<div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Jan 6, 2014 at 3:17 PM, Tim Randles <span dir="ltr"><<a href="mailto:tim.randles@gmail.com" target="_blank">tim.randles@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">The salt is the second field ($-delimited) in /etc/shadow.</div><div class="gmail_extra"><br><br><div class="gmail_quote">
<div><div>On Mon, Jan 6, 2014 at 3:08 PM, Tom Hanlon <span dir="ltr"><<a href="mailto:tom@functionalmedia.com" target="_blank">tom@functionalmedia.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr"><div><div><div><div><div><div><div><div><div><div><div><div><div><div>
<div><div><div><div><div><div>Colug, <br>
<br></div>Just catching up on MD5 SHA1 and associated collision issues. <br><br></div>Along the way I came across the wikipedia article on salt. <br>
<br><a href="http://en.wikipedia.org/wiki/Salt_%28cryptography%29" target="_blank">http://en.wikipedia.org/wiki/Salt_%28cryptography%29</a><br><br></div>I thought I understood the add salt and then hash process. <br><br>
</div>But then I thought again, it has been a long time since I had to talk about Bob alice and Ted trying to share secrets. So I need a refresher. <br>
<br></div>If Alice has a password after her cat, fluffy. <br><br></div>And we go to store that password we would hash it. <br><br></div>Before we hash it we add some salt ( now I am getting hungry for some salted hash) <br>
<br></div>So fluffy = > salt+fluffy =>hash => password file<br><br></div>Then when alice goes to login she types <br><br></div>fluffy => we add salt => salt+fluffy => hash <br><br></div>if hash == password file then she can access her bank account, if not she has to tall use her Mom's maiden name and her high school mascot. <br>
<br></div>So the question I have is..<br></div>The article describes the salt as randomly generated when the password is created. <br><br></div>Where do we store it ? <br><br></div>Obviously her newly generated Salt has to be kept on the authenticator's tool in some fashion. <br>
<br></div>Did I just ask a question or propose a meeting topic ? Or both ?<br><br></div>Anyhow.. <br><br></div>where is the salt ??<br><br></div>** note that although I added some humor (I hope) here and there, I am serious. Where is the salt lookup table stored ? <br>
<br>--<br></div>Tom <br></div>
<br></div></div>_______________________________________________<br>
colug-432 mailing list<br>
<a href="mailto:colug-432@colug.net" target="_blank">colug-432@colug.net</a><br>
<a href="http://lists.colug.net/mailman/listinfo/colug-432" target="_blank">http://lists.colug.net/mailman/listinfo/colug-432</a><br>
<br></blockquote></div><br></div>
</blockquote></div><br></div></div></div></div>
<br>_______________________________________________<br>
colug-432 mailing list<br>
<a href="mailto:colug-432@colug.net">colug-432@colug.net</a><br>
<a href="http://lists.colug.net/mailman/listinfo/colug-432" target="_blank">http://lists.colug.net/mailman/listinfo/colug-432</a><br>
<br></blockquote></div><br></div>