-
October 14th, 2003, 10:27 PM
#1
Junior Member
salting of passwords
I want to make sure that I understand the process of salting passwords for an upcoming security presentation, so if anyone can affirm, please do so:
This applies specifically to OSX (presentation is in a mac lab) and generally to *nix systems. My understanding is that when a user enters a new password, the password program selects a salt, normally based off random variables like the time of day, converts this to a character string and stores it (in the case of standard DES) in front of the encrypted string. When a user enters password at login, a password program retrieves the salt from the front of the encrypted string and uses it to properly encrypt the password entered then matches it to the one stored.
I assume the norm is to use random salt variables, however I have been told that sometimes a system-wide salt is employed. This doesnt seem to make sense for password encryption but maybe for file encryption.
Thanks
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|