[ale] crypt? passwd? faulty package?
Joseph A Knapka
jknapka at earthlink.net
Thu Oct 17 13:53:14 EDT 2002
Jerry Z. Yu wrote:
> yes. it should encrypted by crypt(). assume you are in a batch
> situation, you can pick a pass in plaintext, then run a PERLet, as such
>
> perl -e "print crypt('PASSPLAINTEXT', 'Oz').\"\n\"";
> to get crypted version, with "Oz" as the 2-character salt.
This has always confused me about crypt(). What is the correct
value for the salt? Doesn't the user have to agree with the
OS (or whatever software is going to verify the encrypted
password) about the salt value, in order for passwords to be verified
properly? If so, how do you find out what the proper salt
value is? If not, how the heck does this work? (I understand
that the purpose of the salt is to introduce some additional
randomness into the encrypted password, I just don't
understand how I'm supposed to choose an appropriate value.)
Thanks,
-- Joe
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list