Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Using a salt value
Top Forums Programming Using a salt value Post 302712313 by JohnGraham on Tuesday 9th of October 2012 04:43:24 AM
Old 10-09-2012
At least for passwords made with crypt() (see 'man 3 crypt'), the salt is the first two characters of the generated hash - this makes duplicates look different, while allowing easy computation when entering the password.

Here's a test program I wrote a while ago demonstrating basic use of crypt(), but still find useful - if you run it you'll notice the first two characters of the output are the two-byte salt (compile with '-lcrypt'):

Code:
#define _GNU_SOURCE

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <string.h>

#include <sys/time.h>
#include <unistd.h>

char *random_salt()
{
    // Failure is fine (assume garbage on stack will do at a push).
    struct timeval tv;
    if (gettimeofday(&tv, NULL) != 0) {
        fprintf(stderr, "Warning: Could not gettimeofday: %m.\n");
        fprintf(stderr, "Just using garbage on stack as randomness.\n");
    }
    srand(tv.tv_sec + tv.tv_usec);

    const char *salt_chars =
        "abcdefghijklmnopqrstuvwxyz"
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "0123456789" "./";

    static char salt[3] = "\0\0\0";

    salt[0] = salt_chars[rand() % strlen(salt_chars)];
    salt[1] = salt_chars[rand() % strlen(salt_chars)];

    return salt;
}

int main(int argc, char *argv[])
{
    if (argc != 2 && argc != 3) {
        fprintf(stderr, "Usage: crypt PASSPHRASE [SALT]\n");
        fprintf(stderr, "(If no SALT is given, a random one is chosen)\n");
        return 1;
    }

    if (argc == 3 && strlen(argv[2]) != 2) {
        fprintf(stderr, "Error: salt must be 2 bytes long\n");
        return 1;
    }

    char *salt = (argc == 3) ? argv[2] : random_salt();

    char *pass = crypt(argv[1], salt);
    if (pass) {
        printf("%s\n", pass);
        return 0;
    } else {
        fprintf(stderr, "Error: %m\n");
        return 1;
    }
}

 

5 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

What is "salt character" and what does it do?

Hi, lads. Good day. I have one question to ask. I read on the Internet, for the SUSE system, the password is encrypted into 13 characters, and the first 2 characters are called salt characters? Is there any special meaning for salt? Why we need these salt characters? And, I have a look at... (1 Reply)
Discussion started by: yjck71
1 Replies

2. UNIX for Dummies Questions & Answers

Increase salt size

Unix protect its password by using salt It that mean larger the salt size the more secure? if the salt size increase greatly, will the password still able to be cracked? thank you for helping (1 Reply)
Discussion started by: cryogen
1 Replies

3. Programming

4-Byte Salt (in hex) to Integer

If i have a salt that looks like this 'CFDB024F' (in hex) would the integer value be '3487236687' ? Is that correct? (1 Reply)
Discussion started by: cbreiny
1 Replies

4. OS X (Apple)

Question about openSSL and Salt

Hey all, i have an application i am developing and i would like to use the OpenSSL des3 encryption, the only problem i am having is when i need to input the second key verification. Heres what i have so far openssl des3 -salt -in /tmp -out pwenc.z | echo 1111 usually for password verification... (0 Replies)
Discussion started by: code_monkey
0 Replies

5. Cybersecurity

Wordpress and Joomla hash and salt

I would like to know where the hash and salt are in Wordpress and Joomla hashes? For example: In this wordpress hash P$BTBCNLQpY5CWWQ6XC4WJ6IPJQ877s3 where the salt is? In this Joomla hash $2y$10$io60pn4npWCRWwg4308pB.4rLmfz.vFwzxzYmX6W48Ff7wTi7ZEMO where the salt is? For example (source... (1 Reply)
Discussion started by: freeroute
1 Replies

LEARN ABOUT MINIX

crypt

CRYPT(3)						     Library Functions Manual							  CRYPT(3)

NAME

       crypt - one-way password encryption function

SYNOPSIS

       #define _MINIX_SOURCE 1
       #include <unistd.h>

       char *crypt(const char *key, const char *salt)

DESCRIPTION

       The  first  use	of  crypt()  is  to encrypt a password.  Its second use is to authenticate a shadow password.  In both cases crypt() calls
       pwdauth(8) to do the real work.

       Crypt() encrypts a password if called with a user typed key, and a salt whose first two characters  are	in  the  set  [./0-9A-Za-z].   The
       result  is  a  character  string in the [./0-9A-Za-z] alphabet of which the first two characters are equal to the salt, and the rest is the
       result of encrypting the key and the salt.

       If crypt() is called with a salt that has the form ##user then the key is encrypted and compared to the encrypted password of user  in  the
       shadow  password  file.	If they are equal then crypt() returns the ##user argument, if not then some other string is returned.	This trick
       assures that the normal way to authenticate a password still works:

	      if (strcmp(pw->pw_passwd, crypt(key, pw->pw_passwd))) ...

       If key is a null string, and the shadow password is a null string or the salt is a null string then  the  result  equals  salt.	 (This	is
       because the caller can't tell if a password field is empty in the shadow password file.)

       The key and salt are limited to 1024 bytes total including the null bytes.

FILES

       /usr/lib/pwdauth 	The password authentication program

SEE ALSO

       getpass(3), getpwent(3), passwd(5), pwdauth(8).

NOTES

       The result of an encryption is returned in a static array that is overwritten by each call.  The return value should not be modified.

AUTHOR

       Kees J. Bot (kjb@cs.vu.nl)

																	  CRYPT(3)
All times are GMT -4. The time now is 11:50 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy