On Fri, 08 Jun 2012 12:05:56 +0300, Lars Noodén wrote:
> On 6/8/12 12:02 PM, Alberto Fuentes wrote:
>> On 06/08/2012 10:57 AM, Lars Noodén wrote:
>>> The hashed password + salt is stored in /etc/shadow. Where is the
>>> actual password salt for Debian stored?
> Yes, I understand that the salt is different and random for each
> password, but how is it stored so that the hash can be used for
> authentication? Sorry for the dumb questions.
> Regards,
> /Lars

The salt is stored in the password entry in the shadow file along with
the result of hash(salt+actualTextPassword).
The fact that the salt is "public" (quotes because /etc/shadow is
readable only by root in most systems) does not detract from its
usefulness. Its purpose is to multiply the necessary size of the
reverse-look-up table needed in a time-vs-space tradeoff brute-force
attack.
It's all explained in this Wikipedia article.
http://en.wikipedia.org/wiki/Salt_(cryptography)
Rick
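
The layout described in the reply above, as an added example that is not part of the original thread: it parses the `$id$salt$hash` password field of a shadow-style entry and shows verification reusing the salt read back from that same entry. The function names, the `$demo$` scheme id and all sample entries are constructed for illustration, and PBKDF2 stands in for the real crypt(3) algorithms, so the hashes are not compatible with an actual /etc/shadow.

```python
import base64
import hashlib
import hmac
import os

def parse_hash_field(field):
    """Split '$id$[rounds=N$]salt$hash' (crypt(3) modular format) into parts."""
    parts = field.split("$")
    if len(parts) < 4 or parts[0] != "":
        raise ValueError("not a modular-crypt field (locked or legacy entry?)")
    scheme, rest = parts[1], parts[2:]
    rounds = None
    if rest[0].startswith("rounds="):
        rounds, rest = int(rest[0][7:]), rest[1:]
    if len(rest) != 2:
        raise ValueError("unexpected number of '$' fields")
    return {"id": scheme, "rounds": rounds, "salt": rest[0], "hash": rest[1]}

def _digest(password, salt, rounds):
    # Stand-in KDF (PBKDF2-HMAC-SHA512), NOT the sha512-crypt behind "$6$".
    raw = hashlib.pbkdf2_hmac("sha512", password.encode(), salt.encode(), rounds)
    return base64.b64encode(raw, altchars=b"./").decode().rstrip("=")

def make_entry(user, password, rounds=5000):
    """Build a shadow-style line; the fresh random salt is stored in the clear."""
    salt = base64.b64encode(os.urandom(12), altchars=b"./").decode()
    field = f"$demo$rounds={rounds}${salt}${_digest(password, salt, rounds)}"
    return f"{user}:{field}:15499:0:99999:7:::"  # trailing fields are constructed

def verify(line, password):
    """Re-read the salt from the entry, recompute, compare in constant time."""
    p = parse_hash_field(line.split(":")[1])
    candidate = _digest(password, p["salt"], p["rounds"] or 5000)
    return hmac.compare_digest(candidate, p["hash"])

if __name__ == "__main__":
    a = make_entry("alice", "correct horse")
    b = make_entry("bob", "correct horse")  # same password, different salt
    print(a, b, sep="\n")
    print(verify(a, "correct horse"), verify(a, "wrong"))
```

The two printed entries carry the same password yet differ in both salt and hash, which is why a lookup table precomputed for one salt is of no use against the other entry.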