Date: Tue, 04 Apr 2006 18:54:09 -0500 From: Dennis Olvany <dennisolvany@...il.com> To: john-users@...ts.openwall.com Subject: about salts I've been toying with john on some frontpage passwords. I'm curious about salts. Salts are added to passwords before hashing. Does a system normally use the same salt for the entire password file or is a different salt generally used for each different password? How does a system know which salt to use to rehash passwords in the future for authentication? I suppose the system stores a mapping somewhere of salts to usernames. Here's some output from john. Loaded 3 password hashes with 3 different salts (Traditional DES [24/32 4K]) So, john can tell from the hashes that different salts are used throughout the file?
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ