Using a salt value Post: 302712313

Sponsored Content

Top Forums Programming Using a salt value Post 302712313 by JohnGraham on Tuesday 9th of October 2012 04:43:24 AM

10-09-2012

Registered User

At least for passwords made with crypt() (see 'man 3 crypt'), the salt is the first two characters of the generated hash - this makes duplicates look different, while allowing easy computation when entering the password.

Here's a test program I wrote a while ago demonstrating basic use of crypt(), but still find useful - if you run it you'll notice the first two characters of the output are the two-byte salt (compile with '-lcrypt'):

Code:

#define _GNU_SOURCE

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <string.h>

#include <sys/time.h>
#include <unistd.h>

char *random_salt()
{
    // Failure is fine (assume garbage on stack will do at a push).
    struct timeval tv;
    if (gettimeofday(&tv, NULL) != 0) {
        fprintf(stderr, "Warning: Could not gettimeofday: %m.\n");
        fprintf(stderr, "Just using garbage on stack as randomness.\n");
    }
    srand(tv.tv_sec + tv.tv_usec);

    const char *salt_chars =
        "abcdefghijklmnopqrstuvwxyz"
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "0123456789" "./";

    static char salt[3] = "\0\0\0";

    salt[0] = salt_chars[rand() % strlen(salt_chars)];
    salt[1] = salt_chars[rand() % strlen(salt_chars)];

    return salt;
}

int main(int argc, char *argv[])
{
    if (argc != 2 && argc != 3) {
        fprintf(stderr, "Usage: crypt PASSPHRASE [SALT]\n");
        fprintf(stderr, "(If no SALT is given, a random one is chosen)\n");
        return 1;
    }

    if (argc == 3 && strlen(argv[2]) != 2) {
        fprintf(stderr, "Error: salt must be 2 bytes long\n");
        return 1;
    }

    char *salt = (argc == 3) ? argv[2] : random_salt();

    char *pass = crypt(argv[1], salt);
    if (pass) {
        printf("%s\n", pass);
        return 0;
    } else {
        fprintf(stderr, "Error: %m\n");
        return 1;
    }
}

JohnGraham

View Public Profile for JohnGraham

Find all posts by JohnGraham

5 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

What is "salt character" and what does it do?

Hi, lads. Good day. I have one question to ask. I read on the Internet, for the SUSE system, the password is encrypted into 13 characters, and the first 2 characters are called salt characters? Is there any special meaning for salt? Why we need these salt characters? And, I have a look at...

2. UNIX for Dummies Questions & Answers

Increase salt size

Unix protect its password by using salt It that mean larger the salt size the more secure? if the salt size increase greatly, will the password still able to be cracked? thank you for helping

3. Programming

4-Byte Salt (in hex) to Integer

If i have a salt that looks like this 'CFDB024F' (in hex) would the integer value be '3487236687' ? Is that correct?

4. OS X (Apple)

Question about openSSL and Salt

Hey all, i have an application i am developing and i would like to use the OpenSSL des3 encryption, the only problem i am having is when i need to input the second key verification. Heres what i have so far openssl des3 -salt -in /tmp -out pwenc.z | echo 1111 usually for password verification...

5. Cybersecurity

Wordpress and Joomla hash and salt

I would like to know where the hash and salt are in Wordpress and Joomla hashes? For example: In this wordpress hash P$BTBCNLQpY5CWWQ6XC4WJ6IPJQ877s3 where the salt is? In this Joomla hash $2y$10$io60pn4npWCRWwg4308pB.4rLmfz.vFwzxzYmX6W48Ff7wTi7ZEMO where the salt is? For example (source...

LEARN ABOUT NETBSD

openssl_passwd

PASSWD(1)							      OpenSSL								 PASSWD(1)

NAME

       passwd - compute password hashes

LIBRARY

       libcrypto, -lcrypto

SYNOPSIS

       openssl passwd [-crypt] [-1] [-apr1] [-salt string] [-in file] [-stdin] [-noverify] [-quiet] [-table] {password}

DESCRIPTION

       The passwd command computes the hash of a password typed at run-time or the hash of each password in a list.  The password list is taken
       from the named file for option -in file, from stdin for option -stdin, or from the command line, or from the terminal otherwise.  The Unix
       standard algorithm crypt and the MD5-based BSD password algorithm 1 and its Apache variant apr1 are available.

OPTIONS

       -crypt
	   Use the crypt algorithm (default).

       -1  Use the MD5 based BSD password algorithm 1.

       -apr1
	   Use the apr1 algorithm (Apache variant of the BSD algorithm).

       -salt string
	   Use the specified salt.  When reading a password from the terminal, this implies -noverify.

       -in file
	   Read passwords from file.

       -stdin
	   Read passwords from stdin.

       -noverify
	   Don't verify when reading a password from the terminal.

       -quiet
	   Don't output warnings when passwords given at the command line are truncated.

       -table
	   In the output list, prepend the cleartext password and a TAB character to each password hash.

EXAMPLES

       openssl passwd -crypt -salt xx password prints xxj31ZMTZzkVA.

       openssl passwd -1 -salt xxxxxxxx password prints $1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a..

       openssl passwd -apr1 -salt xxxxxxxx password prints $apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0.

1.0.1i								    2009-07-20								 PASSWD(1)