|
|
Re: Values to use for a salt?: msg#00036security.programming
>If you're going to salt, then you need to put the salt at the *END* >of the password. Otherwise the cracker can precompute the salt in >the hashing routine, and there's no speed difference between a salted >password and an unsalted password. The "SALT" in the traditional Unix crypt(3c) code is not hashed with the password; it modifies the algorithm used to crypt the password. But indeed, the commonly used md5 hashes do hasg the salt after the password. Casper |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Re: Values to use for a salt?: 00036, Brian Hatch |
|---|---|
| Next by Date: | RE: Values to use for a salt?: 00036, Kenneth Buchanan |
| Previous by Thread: | Re: Values to use for a salt?i: 00036, Brian Hatch |
| Next by Thread: | Re: Values to use for a salt?: 00036, Richard M. Conlan |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |