Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

Re:^4 What's the idea of different salts in crypt()?

by blakem (Monsignor)
on Sep 21, 2001 at 03:30 UTC ( [id://113743]=note: print w/replies, xml ) Need Help??


in reply to Re: Re: Re: What's the idea of different salts in crypt()?
in thread What's the idea of different salts in crypt()?

The code I was commenting on does exactly that... it uses the plaintext password when generating the salt. In effect it is doing something like:
my ($salt) = ($plaintextpassword =~ /^(..)/);
Take a look at the last example in the node I replied to.

-Blake

Replies are listed 'Best First'.
Re: Re:^4 What's the idea of different salts in crypt()?
by mr_mischief (Monsignor) on Sep 22, 2001 at 01:46 UTC
    In my estimation, that's quite less than completely effective. You were right to question that.

    However, the node you replied to used the first two of the entered password as the salt, then returned the remainder of the password, without that salt. This actually keeps the salt from needing to be stored at all, as it is supplied again every time the password is entered for authentication. This does, however, shorten the input to the plaintext portion of the hash by two bytes. I've not the expertise to surmise the net effect of this scheme without some serious consideration. Perhaps someone else can weigh the pros and cons easier than I.

    Chris
    911

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://113743]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others taking refuge in the Monastery: (4)
As of 2024-03-29 13:25 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found