Is the encrypted password's salt simply random?

Kim Christian Madsen kimcm at diku.dk
Wed Feb 27 23:58:36 AEST 1991


glenn at rigel.econ.uga.edu (Glenn F. Leavell) writes:

>I'm writing a simple C program to encrypt passwords, so that I can call
>it from a shell script when generating new accounts.  To generate the
>encrypted password, I'm making use of the crypt() function:

>	char *crypt( char *password, char *salt )

>I'm using a randomly generated two-character salt from the set [a-zA-Z0-9./],
>and everything seems to be working fine.  Here's my question:  is this
>the right way to choose the salt - just a random thing?

The salt is chosen from the indicated range, at random; that is, there
is a minor twist.  Usually you use only the time to seed the random
generator; this is also done in finding the salt, however the result of
getpid is also used in order to make it further random (two users
updating their passwords at the same time will not get the same
salt).


				Kim Chr. Madsen
				kimcm at diku.dk
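
An added example, not part of the original post and not taken from any system's passwd source: one way to derive a two-character salt in [a-zA-Z0-9./] from the clock and the process ID, as the reply describes. The function names and the additive mixing of time and PID are assumptions made for illustration.

```c
/* Added example: two-character crypt() salt from the time and the PID. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>

/* The 64 characters allowed in a salt: [a-zA-Z0-9./] */
static const char SALT_CHARS[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Map the low 12 bits of seed to two salt characters (6 bits each). */
void salt_from_seed(unsigned long seed, char out[3])
{
    out[0] = SALT_CHARS[seed & 0x3f];
    out[1] = SALT_CHARS[(seed >> 6) & 0x3f];
    out[2] = '\0';
}

/* Hypothetical helper: mix the clock with the process ID, so two
 * processes started in the same second get different seeds. */
void salt_from_time_pid(time_t now, pid_t pid, char out[3])
{
    salt_from_seed((unsigned long)now + (unsigned long)pid, out);
}

/* Returns 1 if s is exactly two characters from SALT_CHARS, else 0. */
int salt_is_valid(const char *s)
{
    return strlen(s) == 2 &&
           strchr(SALT_CHARS, s[0]) != NULL &&
           strchr(SALT_CHARS, s[1]) != NULL;
}

int main(void)
{
    char salt[3];

    salt_from_time_pid(time(NULL), getpid(), salt);
    printf("salt: %s (valid=%d)\n", salt, salt_is_valid(salt));
    return 0;
}
```

A two-character salt has only 64 * 64 = 4096 possible values, so seeds that differ by a multiple of 4096 map to the same salt; the PID separates simultaneous updates but cannot make salts unique across all accounts.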



More information about the Comp.unix.admin mailing list