Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options
 
PerlMonks  

Re: What's the idea of different salts in crypt()?

by Nitsuj (Hermit)
on Sep 20, 2001 at 16:08 UTC ( #113565=note: print w/replies, xml ) Need Help??


in reply to What's the idea of different salts in crypt()?

The shadowing used on passwords can only be worked one way. You never work the encrypted password to retrieve the plaintext password, you always work the plaintext password to retrieve the shadow.

That said, you don't need "THE" password, just "A" password that yields the same value when shadowed (of course, for our purposes, we'll assume that these are the same).

Of course, this is far from impossible, and of course, knowing the salt gets you PART of the way there, as was already commented, but you gotta have the salt expressed somewhere so the shadow can be worked again in order to get the encrypted text to test the password against. An afternoon running John the Ripper will show you JUST how secure older algorithms are against NEWER processors, of course, the goal of encryption is generally not to permanently obscure data, just to make it hard enough that it's obscured for long enough.

Of course, you can always just use a different algorithm.

Just Another Perl Backpacker
  • Comment on Re: What's the idea of different salts in crypt()?

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://113565]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others meditating upon the Monastery: (2)
As of 2022-05-25 04:26 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Do you prefer to work remotely?



    Results (84 votes). Check out past polls.

    Notices?