Dr. Sharukh K. R. Pavri. spewed into the ether:
>Sorry, but I don't understand. What I always thought was that when you log in
>and give a password, that password is encrypted and the result is compared
>to that already in a file (etc/password or etc/shadow), right?
Right.

>So how come if the result of encrypting the same string separately gives
>different results, does user authentication occur?
Someone else has already posted the format of the password in the
shadow file. The DES encrypted password in /etc/shadow similarly
contains the salt.

Now your crypt function uses the salt in encryption. So if two
different people have the same password, but a different salt, the
resulting hash will be different.

Say you use a one character salt, which is first XORed with your
plaintext before encryption with your algorithm. So for the same
string, with two different salts, you will get different results.
(This may or may not be actually used somewhere, just a random
example).

Hope this clears some of your doubts.

Devdas Bhagat
--
Why does a ship carry cargo and a truck carry shipments? 
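
The point made in the reply above, as an added example that is not part of the original post: the stored record carries its salt, so login re-hashes the typed password with that stored salt rather than a new one. The `salt$hash` record layout, the function names and the use of PBKDF2-HMAC-SHA256 in place of the DES-based crypt are assumptions made for illustration.

```python
import hashlib
import hmac

# Simplified stand-in for crypt(3): the record is "salt$hexdigest".
# PBKDF2-HMAC-SHA256 replaces the DES-based crypt the post mentions.
ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password: str, salt: str) -> str:
    """Return a record that carries its own salt, as a shadow entry does."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt.encode(), ITERATIONS
    )
    return f"{salt}${digest.hex()}"


def verify_password(candidate: str, stored: str) -> bool:
    """Re-hash the candidate with the salt read back from the stored record."""
    salt, _, _ = stored.partition("$")
    recomputed = hash_password(candidate, salt)
    # Constant-time comparison of the full records.
    return hmac.compare_digest(recomputed.encode(), stored.encode())


def demo() -> dict:
    # Constructed sample data: two users, same password, different salts.
    alice = hash_password("hunter2", "aX")
    bob = hash_password("hunter2", "q7")
    return {
        "records_differ": alice != bob,
        "alice_ok": verify_password("hunter2", alice),
        "bob_ok": verify_password("hunter2", bob),
        "wrong_rejected": not verify_password("hunter3", alice),
        # Hashing with a fresh salt instead of the stored one never matches.
        "fresh_salt_fails": hash_password("hunter2", "zz") != alice,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```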


