Re: [HACKERS] You're on SecurityFocus.com for the cleartext passwords.
От | Robert B. Easter |
---|---|
Тема | Re: [HACKERS] You're on SecurityFocus.com for the cleartext passwords. |
Дата | |
Msg-id | 00050719104905.04750@comptechnews обсуждение исходный текст |
Ответы |
Re: Re: [HACKERS] You're on SecurityFocus.com for
the cleartext passwords.
|
Список | pgsql-general |
My understanding is that what you get from crypt(pw, salt) = $1$<salt>$<hashed password> Please correct me if I wrong. Again, not an expert. On Sun, 07 May 2000, you wrote: > "Robert B. Easter" wrote: > > > > On Sun, 07 May 2000, Hannu Krosing wrote: > > > > > > But how will you know if the data in the field is md5 hashed ? > > > > I think they begin with $1$ and that the salt in the hashed string is like this: > > how do you distinguish it from a plaintext password thet starts with $1$ > ? > > > $1$<salt>$ -- a total of 12 characters of salt if you include the $1$$ > > characters. <salt> is 9 characters. Someone can correct me if this is not > > true. I'm not an expert. :) > > Well in Zope they begin with {MD5} for MD5 hash. The md5 hash itself > knows > nothing about salt - it is just fed to the function before the password. > And the digest can begin with anything, possibly even \0 if not > {uu|base64}encoded > > ------------ > Hannu -- Robert B. Easter reaster@comptechnews.com
В списке pgsql-general по дате отправления: