Re: What's the idea of different salts in crypt()?


Pathologically Eclectic Rubbish Lister
	PerlMonks

Re: What's the idea of different salts in crypt()?

by dga (Hermit)

on Sep 20, 2001 at 03:18 UTC ( [id://113494]=note: print w/replies, xml )

Need Help??

in reply to What's the idea of different salts in crypt()?

You should not let intruders have the encrypted password text.

That being said, given the speed of machines today if they have access to the full encrypted text version of your passwords its time to get new passwords and really soon.

The salt makes the password string asdfghjl with salt Az look radically different from asdfghjl with salt Ay. This means that it is unlikely that 2 peoples encrypted passwords will look the same even if they have the exact same plaintext due to the randomly selected salts.

It also means that a complete password reverse lookup table is 4096 times bigger than one with with no salt.

You should look into the Digest::MD5 and friends which will allow passwords longer than 56 bits. Also you should keep the encoded passwords in a seperate, highly secured, file in any case.

Comment on Re: What's the idea of different salts in crypt()?

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://113494]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others chilling in the Monastery: (5)

As of 2024-04-23 20:34 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found