crypt_blowfish

Posted Feb 9, 2006 8:56 UTC (Thu) by anselm (subscriber, #2796)
Parent article: crypt_blowfish

Minor nit: The »salt« parameter to crypt() isn't used to foil hardware-based attempts to crack the encryption, but to introduce variation in the results. Without the salt, if users A and B by chance selected the same password, user A could notice in /etc/passwd that her encrypted password was the same as B's, and log in as B (remember that shadow passwords hadn't been invented yet). With the salt, every plain-text password is hashed to one of 4096 possible encrypted forms, with the chances of a collision being that much lower. The second benefit is that, for an attack based on a dictionary of pre-encrypted passwords, the dictionary must be 4096 times larger, which is significant if your machine is a PDP-11 with the amount of disk space usual in the late 70s/early 80s.

The hardware-based cracking engine problem was addressed by modifying the actual algorithm used by crypt() enough for it to be quite like DES but different enough from what the DES chips implement, so that coming up with a crypt() cracker was no longer economically viable owing to the custom chips required.

Anselm
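
The effect of the salt described in the comment above, as an added example that is not part of the original comment. It assumes SHA-256 as a stand-in for the modified DES inside crypt(); the 4096 salts are modelled as two characters from crypt()'s 64-character alphabet, and all function names and sample passwords are hypothetical.

```python
import hashlib
import secrets

# crypt(3) salt alphabet: 64 characters, two per entry -> 64**2 = 4096 salts
SALT_CHARS = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
ALL_SALTS = [a + b for a in SALT_CHARS for b in SALT_CHARS]

def toy_crypt(password, salt):
    """Stand-in for crypt(): SHA-256 replaces the modified DES (assumption)."""
    digest = hashlib.sha256((salt + password).encode()).hexdigest()[:11]
    return salt + digest  # the salt is stored in clear in front of the hash

def new_entry(password):
    """Build a stored entry: a random two-character salt plus the salted hash."""
    salt = secrets.choice(SALT_CHARS) + secrets.choice(SALT_CHARS)
    return toy_crypt(password, salt)

def verify(password, entry):
    """Re-hash the candidate with the salt read back from the stored entry."""
    return secrets.compare_digest(toy_crypt(password, entry[:2]), entry)

def distinct_forms(password):
    """Number of different stored entries one password can map to."""
    return len({toy_crypt(password, s) for s in ALL_SALTS})

def precomputed_table_size(words, salted):
    """Entries a pre-encrypted dictionary needs to cover every stored form."""
    return len(words) * (len(ALL_SALTS) if salted else 1)

if __name__ == "__main__":
    # Constructed sample data: users A and B happen to pick the same password.
    entry_a = toy_crypt("hunter2", "ab")
    entry_b = toy_crypt("hunter2", "Zz")
    print("A:", entry_a)
    print("B:", entry_b)
    print("entries identical:", entry_a == entry_b)
    print("stored forms per password:", distinct_forms("hunter2"))
    words = ["hunter2", "letmein", "password"]
    print("dictionary entries, unsalted:", precomputed_table_size(words, False))
    print("dictionary entries, salted:  ", precomputed_table_size(words, True))
```
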

