Thread: Re: [HACKERS] You're on SecurityFocus.com for the cleartext passwords.

My understanding is that what you get from crypt(pw, salt) =

    $1$<salt>$<hashed password>

Please correct me if I wrong.  Again, not an expert.

On Sun, 07 May 2000, you wrote:
> "Robert B. Easter" wrote:
> >
> > On Sun, 07 May 2000, Hannu Krosing wrote:
> > >
> > > But how will you know if the data in the field is md5 hashed ?
> >
> > I think they begin with $1$ and that the salt in the hashed string is like this:
>
> how do you distinguish it from a plaintext password thet starts with $1$
> ?
>
> > $1$<salt>$   -- a total of 12 characters of salt if you include the $1$$
> > characters. <salt> is 9 characters.  Someone can correct me if this is not
> > true. I'm not an expert. :)
>
> Well in Zope they begin with {MD5} for MD5 hash. The md5 hash itself
> knows
> nothing about salt - it is just fed to the function before the password.
> And the digest can begin with anything, possibly even \0 if not
> {uu|base64}encoded
>
> ------------
> Hannu
--
Robert B. Easter
reaster@comptechnews.com

At 07:08 PM 5/7/00 -0400, Robert B. Easter wrote:
>My understanding is that what you get from crypt(pw, salt) =
>
>         $1$<salt>$<hashed password>

I thought it was only $<salt - 2 chars>$<hashed password>


Regards,
Stephan
--
Stephan Richter - (901) 573-3308 - srichter@cbu.edu
CBU - Physics & Chemistry; Framework Web - Web Design & Development
PGP Key: 735E C61E 5C64 F430 4F9C 798E DCA2 07E3 E42B 5391

Stephan Richter wrote:
>
> At 07:08 PM 5/7/00 -0400, Robert B. Easter wrote:
> >My understanding is that what you get from crypt(pw, salt) =
> >
> >         $1$<salt>$<hashed password>

That's for DES crypt (and without the $$)

---------
Hannu