On Wed, Jan 19, 2011 at 12:39 PM, Mark <[email protected]> wrote: > Hi folks, > > Been trying to look for information on this but haven't been able to find > anything, prompting me to turn to the mailing list for help. > > In the event of using salted md5 hashes for passwords, where exactly does > one store the salt?
In the beginning of the password. > There doesn't seem to be a place within the FR config to do that. Any > advice would be much appreciated. > > No special place needed. You're probably confusing MD5-Password and Crypt-Password (which in turn can use MD5 hash). For example, if you use PAP, these three attributes will allow access when user enter password "testpass": Cleartext-Password := "testpass" MD5-Password := "179ad45c6ce2cb97cf1029e212046e81" Crypt-Password := "$1$12345678$duTc/02K9TK/XCYFyofbZ/" Crypt-Password := "122U0BPYjrauc" MD5-Password does not have any salt. Crypt-Password in the first example has the salt "$1$12345678$", with MD5-based hash (crypted passwords have the hash in front of them, which for MD5 starts with $1$ and is 12 characters long) Crypt-Password in the second example has the salt "12", with DES-based hash See also: http://freeradius.org/radiusd/man/rlm_pap.txt http://en.wikipedia.org/wiki/Crypt_(Unix)#MD5-based_scheme http://id.php.net/manual/en/function.crypt.php -- Fajar
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
