What to use as salt in crypt?

What to use as salt in crypt?

Post by Mats Pettersso » Tue, 29 Jun 1999 04:00:00



Hi!

I'm trying to write a CGI script to manage e-mail users. When i set the
password for a user (with crypt()), what should i (preferable) use as
salt?

What does 'passwd' use as salt?

Thanks!

Mats

 
 
 

What to use as salt in crypt?

Post by elli » Tue, 29 Jun 1999 04:00:00




Quote:>What does 'passwd' use as salt?

Why don't you take a look at the source and see?

--
http://www.fnet.net/~ellis/photo/linux.html

 
 
 

What to use as salt in crypt?

Post by Christopher Brow » Wed, 30 Jun 1999 04:00:00


On Mon, 28 Jun 1999 18:39:27 +0200, Mats Pettersson


>I'm trying to write a CGI script to manage e-mail users. When i set the
>password for a user (with crypt()), what should i (preferable) use as
>salt?

>What does 'passwd' use as salt?

Consider grabbing some truly random data from /dev/random or /dev/urandom

--
Babbage's Rule: "No man's cipher is worth looking at unless the inventor
has himself solved a very difficult cipher" (The Codebreakers by Kahn,
2nd ed, pg 765)

 
 
 

What to use as salt in crypt?

Post by Christopher Brow » Wed, 30 Jun 1999 04:00:00


On Mon, 28 Jun 1999 18:39:27 +0200, Mats Pettersson


>I'm trying to write a CGI script to manage e-mail users. When i set the
>password for a user (with crypt()), what should i (preferable) use as
>salt?

>What does 'passwd' use as salt?

Consider grabbing some truly random data from /dev/random or /dev/urandom

--
Babbage's Rule: "No man's cipher is worth looking at unless the inventor
has himself solved a very difficult cipher" (The Codebreakers by Kahn,
2nd ed, pg 765)

 
 
 

What to use as salt in crypt?

Post by mumfo » Wed, 30 Jun 1999 04:00:00



Quote:>Hi!

>I'm trying to write a CGI script to manage e-mail users. When i set the
>password for a user (with crypt()), what should i (preferable) use as
>salt?

You should use a random salt.  Grab a couple of bytes off of /dev/random
# head -c 10 /dev/random | mmencode | head -c 2
cQ
# head -c 10 /dev/random | mmencode | head -c 2
Bi

Quote:>What does 'passwd' use as salt?

Look in the source for passwd to find out.

--

Email to me must have my address in either the To: or Cc: field.  All other
mail will be bounced automatically as spam.
PGPprint = E3 0F DE CC 94 72 D1 1A  2D 2E A9 08 6B A0 CD 82

 
 
 

What to use as salt in crypt?

Post by Kaz Kylhe » Sat, 03 Jul 1999 04:00:00




>>Hi!

>>I'm trying to write a CGI script to manage e-mail users. When i set the
>>password for a user (with crypt()), what should i (preferable) use as
>>salt?

>You should use a random salt.  Grab a couple of bytes off of /dev/random
># head -c 10 /dev/random | mmencode | head -c 2
>cQ
># head -c 10 /dev/random | mmencode | head -c 2
>Bi

>>What does 'passwd' use as salt?

>Look in the source for passwd to find out.

Looking at the source code won't necessarily tell you the rationale behind the
salt.

The salt serves as an initial vector for seeding the encryption hashing
function. This initial vector is concatenated to the result, so that
it can be used to seed the verification.

What it does is provide additional protection against attacks that use a
plaintext/ciphertext dictionary.  Without the initial vector, each password
would have exactly one hash, enabling crackers to construct space-efficient
password/hash dictionaries in which a hash could be located to retrieve
the corresponding password. The salt somewhat confounds this effort, by
requiring the cracker to store 4096 possible hashes, multiplying the
space requirements by four thousand. Thus a dictionary that could
be otherwise stored on, say, a 4GB hard drive suddenly requires a 16 terabyte
hard drive (or 4096 4GB hard drives).

The salt also provides some protection against programs such as crack which
work on large collections of passwords simultaneously. Each password guess
produced by the crack program must be hashed as many times as there are unique
salts in the set being cracked.  If all the passwords in a file had the same
salt (or, analogously, if no salt mechanism wer used), then only one hash
operation would have to be done by crack for each generated guess.  The salt
forces crack to repeat the hash, so that operating on a whole password file is
not much more efficient than operating on individual passwords.  Of course, no
more than 4096 hash operations have to be performed on any given guess.

Ideally, the salt should be random. There should be a high likelihood that
every password in your password file has a unique salt. If every password has
the same salt, then cracking is faster. In reality, if someone malicious gets a
hold of your password file, you are in trouble no matter what. The real
solution is to use longer password phrases and crypto stonger than DES.

The salt can be used to encode meta-information about the password, such as the
date that the password was created. Such information can be then used to
implement password aging.

 
 
 

1. Importance of the salt when using the crypt() function

I am working on a project which is creating a front-end for the crypt()
function (available on most Linux and UNIX systems).

I wish to keep my definition of the project on a simpler level than the one
that it really operates on in order to keep the question itself simple.
With that in mind, I will say that the program on its most basic level is
checking to see if passwords in '/etc/passwd' or '/etc/shadow' are from a
dictionary.

It does this using crypt(), which uses the systems' native cipher to encrypt
each dictionary word.  The program then checks to see if the outcome is
equal to the encrypted password from '/etc/password'.  When using crypt(), I
pass two arguments (in accordance with the man page for crypt).  The first
argument is the dictionary word to be encrypted.  The second is the salt,
for which I have been using the original encrypted password from
'/etc/password'.  I do not have a complete understanding on the function of
the salt or why using the original password as the salt is the suggested
method (which, again, I got from the crypt man page).

This works, the program is successfull on this level.  But due to the
complexity of the real program, there arises a need to use something else as
the salt.  Let's assume that I can't have access to the original encrypted
password when I am encrypting the words from the wordlist, and that I want
to use the encrypted wordlist against many different passwords at a later
time.  Is this possible, to use something totally unrelated to the encrypted
passwords for the salt?

Does the salt really change the final outcome of crypt()?

Thanks for any help or pointers!

Sincerely,

Ryan T. Rhea
Winthrop University

(remove the obvious to reply...)

2. Problems with SCSI disks

3. Salt and Crypt Question

4. Hp 895 Cxi deskJet Printer

5. crypt salt length

6. ppp and trumpet winsock ???

7. Question about user authentication by crypt(key, salt)

8. ipfw and outgoing active ftp

9. calculating salt for crypt()

10. Changing salt for passwd crypt()?

11. crypt, salt, and /etc/passwd

12. crypt(pw,salt) subroutine

13. crypt salt question