> The salt isn't always known... I don't know how an
> unprivledged user on a system w/ /etc/shadow could get at it
> anyway. I'm sure alot of people would be very anxious to
> know if you know of a way to do that...
The salt is known, just not by an unpriveledged user. But if you can access
/etc/shadow, then you know the salt and the hashed passwords.
The salt is added (dunno where in the original string) to the password prior
to hashing. Then the salt is prepended to the hased value and stored
somewhere, in your case, /etc/shadow.
For a salt to be usable, you have to know what it is. Secure hashes are "one
way" which means that you shouldn't be able to derive the original text
solely from the hash value. To create password: create 2 byte salt from
ASCII -> prepend salt to password -> hash salt+password with MD5 -> prepend
salt to hash value -> store it. To check password: get username and password
-> lookup hash string using username from /etc/shadow -> get salt from hash
value -> hash salt+password with MD5 -> compare value computed hash value
from stored hash value -> If match, user authenticated, if not, user not
authenticated.
So if you hash a password with a salt, and then lose the salt, you can never
check the password again. You have to know salt.
Since the salt is known, it has no effect on the "keyspace" because you
don't have to guess it. If there was no salt, then pre-computing a
dictionary is a much smaller task.
> The salt isn't always known... I don't know how an
> unprivledged user on a system w/ /etc/shadow could get at it
> anyway. I'm sure alot of people would be very anxious to
> know if you know of a way to do that...
The salt is known, just not by an unpriveledged user. But if you can access
/etc/shadow, then you know the salt and the hashed passwords.
The salt is added (dunno where in the original string) to the password prior
to hashing. Then the salt is prepended to the hased value and stored
somewhere, in your case, /etc/shadow.
For a salt to be usable, you have to know what it is. Secure hashes are "one
way" which means that you shouldn't be able to derive the original text
solely from the hash value. To create password: create 2 byte salt from
ASCII -> prepend salt to password -> hash salt+password with MD5 -> prepend
salt to hash value -> store it. To check password: get username and password
-> lookup hash string using username from /etc/shadow -> get salt from hash
value -> hash salt+password with MD5 -> compare value computed hash value
from stored hash value -> If match, user authenticated, if not, user not
authenticated.
So if you hash a password with a salt, and then lose the salt, you can never
check the password again. You have to know salt.
Since the salt is known, it has no effect on the "keyspace" because you
don't have to guess it. If there was no salt, then pre-computing a
dictionary is a much smaller task.
mike
[ reply ]