A string encrypted with a given salt will always return a fixed
encrypted text. To check the password, just encrypt the user-given
plain-text password with the salt from the encrypted password.
Regards,
-- Raju
>>>>> "Sharukh" == Sharukh K R Pavri <[EMAIL PROTECTED]> writes:
Sharukh> The password stored in /etc/passwd or /etc/shadow is
Sharukh> never just a simple 1
>> to 1 encryption. Two similar strings, when encrypted
>> separately, do not result in the same encrypted string. This
>> is a measure of security. If two users sharing the same
>> password or passphrase had the exact same entries in the
>> /etc/passwd or /etc/shadow file, it would become easier to
>> break into other users' accounts.
>>
>> Something called a "salt" is used to ensure that the same
>> string, when encrypted on multiple occasions does not result in
>> the same encrypted string.
>>
>> Thaths
Sharukh> Sorry, but I don't understand. What I always thought was
Sharukh> that when you login and give a password, that password is
Sharukh> encrypted and the result is compared to that already in a
Sharukh> file (etc/password or etc/shadow) right ?
Sharukh> So how come if the result of encrypting the same string
Sharukh> separately gives different results, does user
Sharukh> authentication occur ? or am I going off at the deep end
Sharukh> ?
Sharukh> some explanation/pointers/links please...
Sharukh> sharukh.
--
Raju Mathur [EMAIL PROTECTED] http://kandalaya.org/
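
The check described in the reply at the top of this message, as an added example that is not part of the original thread: the salt is stored alongside the hash, so verification reads it back and re-hashes the candidate password with it. PBKDF2-HMAC-SHA256 from the Python standard library stands in for crypt(3) here; the `salt$digest` entry layout, the iteration count and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # assumed work factor for this sketch


def make_entry(password: str, salt: Optional[bytes] = None) -> str:
    """Build a 'salt$digest' entry; draw a fresh random salt if none is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def check_password(candidate: str, stored_entry: str) -> bool:
    """Re-hash the candidate with the salt read back from the stored entry."""
    salt_hex, _, _ = stored_entry.partition("$")
    try:
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False  # malformed or locked entry ("*", "!"): never authenticate
    recomputed = make_entry(candidate, salt)
    # Constant-time comparison so timing does not reveal how many bytes matched.
    return hmac.compare_digest(recomputed.encode(), stored_entry.encode())


def demo():
    # Constructed sample data: two users who chose the same password.
    alice = make_entry("hunter2")
    bob = make_entry("hunter2")
    return {
        "entries_differ": alice != bob,            # different salts, different entries
        "alice_ok": check_password("hunter2", alice),
        "bob_ok": check_password("hunter2", bob),
        "wrong_rejected": not check_password("hunter3", alice),
        "locked_rejected": not check_password("hunter2", "*"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```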