Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 20 Aug 2012 03:58:54 +0200
From: Szabolcs Nagy <>
Subject: Re: Help-wanted tasks for musl

* Rich Felker <> [2012-08-19 21:39:50 -0400]:
> On Mon, Aug 20, 2012 at 03:35:02AM +0200, Szabolcs Nagy wrote:
> > it's not clear what the acceptable characters are..
> > originally the [a-zA-Z0-9./] is the base64 set used
> In all the other hashes we support, only the used base64 set is
> allowed. Anything else is treated as a fatal error. Is this wrong?

old des format accepts any char for salt
(except ':', '\n', '\0' and first char cannot be '_')

new des format (starting with '_')
and blowfish decode the salt so they
depend on the base64 set

> I agree it would be nicer to just pass the salt through the encryption
> algorithm as part of the input, but in practice they all decode it as
> a base64 number and use that number...

sha and md5 crypt does not decode the salt
it is directly passed to a hash function

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.