salting of passwords

Printable View

October 14th, 2003, 10:27 PM
shadrack

salting of passwords

I want to make sure that I understand the process of salting passwords for an upcoming security presentation, so if anyone can affirm, please do so:

This applies specifically to OSX (presentation is in a mac lab) and generally to *nix systems. My understanding is that when a user enters a new password, the password program selects a salt, normally based off random variables like the time of day, converts this to a character string and stores it (in the case of standard DES) in front of the encrypted string. When a user enters password at login, a password program retrieves the salt from the front of the encrypted string and uses it to properly encrypt the password entered then matches it to the one stored.

I assume the norm is to use random salt variables, however I have been told that sometimes a system-wide salt is employed. This doesnt seem to make sense for password encryption but maybe for file encryption.

Thanks
October 14th, 2003, 10:46 PM
nebulus200

http://www.google.com/search?hl=en&i...=Google+Search

Click on the 'cached' version of the '[Chapter 8] 8.6 The UNIX Encrypted Password System' Pretty decent article.

Quote:

As table salt adds zest to popcorn, the salt that Morris and Thompson sprinkled into the DES algorithm added a little more spice and variety. The DES salt is a 12-bit number, between 0 and 4095, which slightly changes the result of the DES function. Each of the 4096 different salts makes a password encrypt a different way.

When you change your password, the /bin/passwd program selects a salt based on the time of day. The salt is converted into a two-character string and is stored in the /etc/passwd file along with the encrypted "password."[10] In this manner, when you type your password at login time, the same salt is used again. UNIX stores the salt as the first two characters of the encrypted password.

[10] By now, you know that what is stored in the /etc/passwd file is not really the encrypted password. However, everyone calls it that, and we will do the same from here on. Otherwise, we'll need to keep typing "the superencrypted block of zeros that is used to verify the user's password" everywhere in the book, filling many extra pages and contributing to the premature demise of yet more trees.

Table 8.2 shows how a few different words encrypt with different salts.

Regardless, tons of references out there.

/nebulus
October 16th, 2003, 10:54 AM
spurious_inode

You seem to have the basic idea shadrack. Just keep in mind that some methods (MD5, Triple DES, etc.) use differing methods to obtain the salt, and in some cases more than one salt per password may be used.

A fairly thorough document on the process is included with 'john' which can be obtained at packetstormsecurity.nl.