Archived

This topic is now archived and is closed to further replies.

nes8bit

UNIX MD5 CRYPT

Recommended Posts

SHilbert    652
http://www.usenix.org/events/usenix99/provos/provos_html/node10.html

The crypt() function on *nix systems takes two parameters, the word to encrypt and a two-byte salt, and returns an encrypted string. The function traditionally uses the DES algorithm, which is perturbed one of 4096 ways based on the salt. The MD5 crypt was designed for FreeBSD because of export restrictions on encryption software and to allow for longer passwords. The actual salt you provide it has no effect on the actual hash the MD5 part generates (according to the above page); apparently it''s just concatenated into the result. In any case, MD5 is a standard algorithm; the "UNIX MD5 crypt" refers the the UNIX crypt() function (or crypt executable) that''s built to use MD5 rather than DES.

Gaah!

Share this post


Link to post
Share on other sites
SHilbert    652
it's actually no more secure than a normal MD5 encryption scheme... if I remember its output is like this:

$(version)$(salt)$(MD5 hash)

so, for example:

$1$sa$a0b2c3d4e5f6a0b2c3d4e5f6

EDIT: Notice that the last part might be actual byte values rather than a hex representation of the hash. I'd have to play around with an actual implementation to check this.

Not really much more secure at all, I don't think. Remember, the UNIX MD5 CRYPT is an application of MD5 for encrypting/hashing passwords, it's not a new algorithm that's any more secure than MD5.

Gaah!

Edited by - SHilbert on November 6, 2001 3:01:13 PM

Share this post


Link to post
Share on other sites
Arild Fines    968
Is someone making a yahoo messenger client?

"I contend that we are both atheists. I just believe in one fewer god than you do. When you understand why you dismiss all the other possible gods, you will understand why I dismiss yours." - - Stephen Roberts

Share this post


Link to post
Share on other sites