[oclug] Encryption methods (for Linux 2.2.12) and password salt questions
Strosberg, Bill
bill.strosberg at rcpsc.edu
Mon Mar 19 11:29:45 EST 2001
Liam,
Another thing, if you are working backwards from the entries in /etc/passwd
or /etc/shadow, you are right (in typical circumstances) that the salt is
the first two characters (encryption method dependent!). If you are
creating passwords however, you should use some random method for creating a
salt, as using the same salt over multiple passwords really reduces the
security of your systems.
--
Bill
-----Original Message-----
From: Liam Gibbs [mailto:lgibbs at microlegend.com]
Sent: Monday, March 19, 2001 11:14 AM
To: oclug at lists.oclug.on.ca
Subject: [oclug] Encryption methods (for Linux 2.2.12) and password salt questions
Does anyone know what salt to use for encrypting strings in Linux 2.2.12? In
an example of a password check, I know that generally the UNIX method is to
take the first two characters of whatever the password is and use that as
the salt. But that seems to be impossible with Linux 2.2.12, as it seems (by
checking in /etc/passwd) that all of the passwords are x (not even two
characters). I've tried 'x' as the salt, but this wasn't successful. It also
seems strange to see that all of the passwords are x, and yet they're not
all the same password. Something is up, but I can't quite tell. Can anyone
help?
Thanks in advance,
Liam Gibbs
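
The points raised in this thread, as an added example that is not part of either message: reading the salt out of a password field (including the `x` placeholder, which means the hash is stored in /etc/shadow), drawing a random salt for a new password, and flagging accounts that share a salt. The function names and the sample lines are constructed for illustration; only traditional DES crypt and the `$1$`, `$5$`, `$6$` modular formats are parsed.

```python
import secrets
import string

# Characters crypt(3) accepts in a salt: [a-zA-Z0-9./]
SALT_CHARS = string.ascii_letters + string.digits + "./"

def extract_salt(field):
    """Return (scheme, salt) for the password field of a passwd/shadow line."""
    if field == "x":
        # Placeholder in /etc/passwd: the hash lives in /etc/shadow, no salt here
        return ("shadowed", None)
    if field == "" or field[0] in "*!":
        return ("empty-or-locked", None)
    if field.startswith("$"):
        # Modular crypt format: $id$salt$hash, optionally $id$rounds=N$salt$hash
        parts = field.split("$")
        if len(parts) >= 4 and parts[1] in ("1", "5", "6"):
            salt = parts[3] if parts[2].startswith("rounds=") else parts[2]
            return ("modular-" + parts[1], salt)
        return ("modular-unparsed", None)
    if len(field) == 13 and all(c in SALT_CHARS for c in field):
        # Traditional DES crypt: 2 salt characters followed by 11 hash characters
        return ("des", field[:2])
    raise ValueError("unrecognised password field: %r" % field)

def new_salt(length=2):
    """Random salt from the OS CSPRNG (2 chars for DES crypt, up to 8 for $1$)."""
    return "".join(secrets.choice(SALT_CHARS) for _ in range(length))

def reused_salts(shadow_lines):
    """Map every salt shared by more than one account to those account names."""
    by_salt = {}
    for line in shadow_lines:
        user, field = line.split(":")[:2]
        salt = extract_salt(field)[1]
        if salt is not None:
            by_salt.setdefault(salt, []).append(user)
    return {s: users for s, users in by_salt.items() if len(users) > 1}

# Constructed sample lines (not real hashes) in /etc/shadow layout
SAMPLE_SHADOW = [
    "alice:abCDEFGHIJKLM:11400:0:99999:7:::",
    "bob:$1$Qx7pL2sa$AAAAAAAAAAAAAAAAAAAAAA:11400:0:99999:7:::",
    "carol:abNOPQRSTUVWX:11400:0:99999:7:::",
    "daemon:*:11400:0:99999:7:::",
]

if __name__ == "__main__":
    print(reused_salts(SAMPLE_SHADOW))
    print(new_salt(), new_salt(8))
```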