Solved

Salt to encrypt password

Posted on 1998-10-14
Last Modified: 2013-12-26
On a Unix server, what salt is used to encrypt the password?
I know the Perl script is:
crypt($password, $pwdsalt);
but how do I get $pwdsalt?
Question by:Lee5
 
LVL 3

Accepted Solution

by:
dhm earned 50 total points
ID: 1293706
$pwdsalt is two characters that are mixed into the encryption process to cause a password to encrypt to different strings.  For example:

crypt( "Hello", "AB" ) => "AB/uOsC7P93EI"
crypt( "Hello", "XX" ) => "XXugOcRkxskLA"

As you can see, the salt characters appear as the first two characters of the result of crypt(); the rest of the results are completely different, even though the passwords were the same.  The reason Unix uses salt is to make a dictionary password attack more difficult: without salt, somebody could just run crypt() on a bunch of words and store the plain/crypted versions.  Then, when they wanted to crack a password, they could just look up the encrypted string and get back the original password.  With salt, the attacker has to run crypt hundreds of times on each word (once for each possible salt) and store hundreds of possible encrypted passwords for each word in the dictionary.  This is becoming more feasible, but it's still harder than without salt.

As for what you should pass for $pwdsalt when you call crypt(), if you're trying to verify a password, then you have to pass the first two characters of the encrypted password you're verifying against.  If you're encrypting a new password, then pick two random characters.  In addition to alphanumerics, I think several punctuation characters are legal for use as salt, but I don't know exactly which ones.  When I want to encrypt a new password in perl, I do this:

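# Seed the random number generator from the current time and process ID
$t = srand( time( ) + $$ );
# Pick two random uppercase letters (A-Z) for the salt
$salt1 = chr( rand( ) * 26 + ord( 'A' ) );
$salt2 = chr( rand( ) * 26 + ord( 'A' ) );

# crypt() returns the two salt characters followed by the encrypted password
print( crypt( $new_password, $salt1.$salt2 ), "\n" );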

0
 
LVL 84

Expert Comment

by:ozo
ID: 1293707
dhm is correct, and an upper case salt should be fine.
If you want to use all possible characters, you could do something like:

$salt=join'',('a'..'z','A'..'Z','0'..'9','.','/')[rand(64),rand(64)];
0
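Both halves of the accepted answer (pick a random salt for a new password, reuse the stored salt to verify) combined with the 64-character salt alphabet from the comment above, as an added example that is not code from either poster. The helper names new_salt, hash_password and check_password are hypothetical, the passwords are constructed sample values, and drawing the salt from /dev/urandom is an assumption about the host.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The 64 characters used for traditional crypt() salts: a-z, A-Z, 0-9, '.', '/'
my @SALT_CHARS = ('a'..'z', 'A'..'Z', '0'..'9', '.', '/');

# Build a two-character salt from OS randomness (assumes /dev/urandom exists).
sub new_salt {
    open(my $fh, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    my $n = read($fh, my $bytes, 2);
    close($fh);
    die "short read from /dev/urandom" unless defined $n && $n == 2;
    # 256 is a multiple of 64, so masking to 6 bits gives a uniform index.
    return join '', map { $SALT_CHARS[ ord($_) & 63 ] } split //, $bytes;
}

# New password: hash it under a fresh salt. The salt ends up as the
# first two characters of the returned string.
sub hash_password {
    my ($password) = @_;
    return crypt($password, new_salt());
}

# Verification: crypt() reads the salt from the start of its second
# argument, so the stored hash itself can be passed as the salt.
sub check_password {
    my ($candidate, $stored) = @_;
    my $computed = crypt($candidate, $stored);
    return defined $computed && $computed eq $stored;
}

# Constructed sample values, for demonstration only.
my $stored = hash_password('Hello');
printf "stored hash : %s (salt %s)\n", $stored, substr($stored, 0, 2);
printf "right guess : %s\n", check_password('Hello', $stored) ? 'match' : 'no match';
printf "wrong guess : %s\n", check_password('hello', $stored) ? 'match' : 'no match';
# Same password under another salt: the string differs unless the same
# salt happens to be drawn again (1 chance in 4096).
printf "second hash : %s\n", hash_password('Hello');
```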
 
LVL 3

Expert Comment

by:dhm
ID: 1293708
Ozo: that's a pretty cool Perlism.  I hope you don't mind if I add it to my crypted-password generating program!
0
 
LVL 3

Expert Comment

by:dhm
ID: 1293709
Ozo: that's a pretty cool Perlism.  I hope you don't mind if I add it to my crypted-password generating program!
0
