10-09-2012
Using a salt value
Hi,
I've been reading up on using a salt value when creating a password to make it more secure, what I can't get my head round is how do you remember this salt value?
I'm guessing that when a user logs in to be able to compare the password entered with the one in the database you would need to again add the salt value to the entered password.
Am I missing something really obvious?
Thanks in Advance
5 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi, lads. Good day.
I have one question to ask.
I read on the Internet, for the SUSE system, the password is encrypted into 13 characters, and the first 2 characters are called salt characters? Is there any special meaning for salt? Why we need these salt characters?
And, I have a look at... (1 Reply)
Discussion started by: yjck71
1 Replies
2. UNIX for Dummies Questions & Answers
Unix protect its password by using salt
It that mean larger the salt size the more secure?
if the salt size increase greatly, will the password still able to be cracked?
thank you for helping (1 Reply)
Discussion started by: cryogen
1 Replies
3. Programming
If i have a salt that looks like this 'CFDB024F' (in hex) would the integer value be '3487236687' ?
Is that correct? (1 Reply)
Discussion started by: cbreiny
1 Replies
4. OS X (Apple)
Hey all, i have an application i am developing and i would like to use the
OpenSSL des3 encryption, the only problem i am having is when i need to input the second key verification. Heres what i have so far
openssl des3 -salt -in /tmp -out pwenc.z | echo 1111
usually for password verification... (0 Replies)
Discussion started by: code_monkey
0 Replies
5. Cybersecurity
I would like to know where the hash and salt are in Wordpress and Joomla hashes?
For example: In this wordpress hash P$BTBCNLQpY5CWWQ6XC4WJ6IPJQ877s3 where the salt is?
In this Joomla hash $2y$10$io60pn4npWCRWwg4308pB.4rLmfz.vFwzxzYmX6W48Ff7wTi7ZEMO where the salt is?
For example (source... (1 Reply)
Discussion started by: freeroute
1 Replies
LEARN ABOUT MINIX
pwdauth
PWDAUTH() PWDAUTH()
NAME
pwdauth - password authentication program
SYNOPSIS
/usr/lib/pwdauth
DESCRIPTION
Pwdauth is a program that is used by the crypt(3) function to do the hard work. It is a setuid root utility so that it is able to read the
shadow password file.
Pwdauth expects on standard input two null terminated strings, the password typed by the user, and the salt. That is, the two arguments of
the crypt function. The input read in a single read call must be 1024 characters or less including the nulls. Pwdauth takes one of two
actions depending on the salt.
If the salt has the form "##user" then the user is used to index the shadow password file to obtain the encrypted password. The input
password is encrypted with the one-way encryption function contained within pwdauth and compared to the encrypted password from the shadow
password file. If equal then pwdauth returns the string "##user" with exit code 0, otherwise exit code 2 to signal failure. The string
"##user" is also returned if both the shadow password and the input password are null strings to allow a password-less login.
If the salt is not of the form "##user" then the password is encrypted and the result of the encryption is returned. If salt and password
are null strings then a null string is returned.
The return value is written to standard output as a null terminated string of 1024 characters or less including the null.
The exit code is 1 on any error.
SEE ALSO
crypt(3), passwd(5).
NOTES
A password must be checked like in this example:
pw_ok = (strcmp(crypt(key, pw->pw_passwd), pw->pw_passwd) == 0);
The second argument of crypt must be the entire encrypted password and not just the two character salt.
AUTHOR
Kees J. Bot (kjb@cs.vu.nl)
PWDAUTH()