Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [thread-next>] [month] [year] [list] 
Date: Tue, 04 Apr 2006 18:54:09 -0500
From: Dennis Olvany <dennisolvany@...il.com>
To:  john-users@...ts.openwall.com
Subject: about salts

I've been toying with john on some frontpage passwords. I'm curious 
about salts.

Salts are added to passwords before hashing. Does a system normally use 
the same salt for the entire password file or is a different salt 
generally used for each different password?

How does a system know which salt to use to rehash passwords in the 
future for authentication? I suppose the system stores a mapping 
somewhere of salts to usernames.

Here's some output from john.

Loaded 3 password hashes with 3 different salts (Traditional DES [24/32 4K])

So, john can tell from the hashes that different salts are used 
throughout the file?

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux