kinda. The salt is more like a pointer into a set of "hashed" values (not hash as in perl hash but hash as in hash function). The whole purpose of salt is to prevent dictionary attacks by creating a much larger pool of hashed passwords from the same plaintext.
I've heard specific algorithms use specfic salts
Somewhat true. For some versions of the crypt function, the format of the hashed value is different based on the algorithm (YMMV):
Standard DES-based encryption has a two character salt Extended DES-based encryption has a nine character salt MD5 encryption has a twelve character salt starting with $1$ Blowfish encryption has a sixteen character salt starting with $2$
I believe perl uses either 3DES or DES.
Possibly. It may
be DES,
Extended DES,
MD5,
Blowfish
or whatever else your c library crypt provides.
For great reading about the crypt function and salt, check out Robert Morris and Ken Thompson's seminal work - Password Security: A Case History (
Communications of the ACM, 22(11):594-597, November 1979).
Here's a
google cache link
-derby In reply to Re: Re: Tales from the crypt()
by derby
in thread Tales from the crypt()
by Cody Pendant
For:
Use:
& & < < > > [ [ ] ]