Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 04 Apr 2006 18:54:09 -0500
From: Dennis Olvany <>
Subject: about salts

I've been toying with john on some frontpage passwords. I'm curious 
about salts.

Salts are added to passwords before hashing. Does a system normally use 
the same salt for the entire password file or is a different salt 
generally used for each different password?

How does a system know which salt to use to rehash passwords in the 
future for authentication? I suppose the system stores a mapping 
somewhere of salts to usernames.

Here's some output from john.

Loaded 3 password hashes with 3 different salts (Traditional DES [24/32 4K])

So, john can tell from the hashes that different salts are used 
throughout the file?

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ