| From: | "Robert B(dot) Easter" <reaster(at)comptechnews(dot)com> |
|---|---|
| To: | Hannu Krosing <hannu(at)tm(dot)ee> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: [HACKERS] You're on SecurityFocus.com for the cleartext passwords. |
| Date: | 2000-05-07 23:08:33 |
| Message-ID: | 00050719104905.04750@comptechnews |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-hackers |
My understanding is that what you get from crypt(pw, salt) =
$1$<salt>$<hashed password>
Please correct me if I wrong. Again, not an expert.
On Sun, 07 May 2000, you wrote:
> "Robert B. Easter" wrote:
> >
> > On Sun, 07 May 2000, Hannu Krosing wrote:
> > >
> > > But how will you know if the data in the field is md5 hashed ?
> >
> > I think they begin with $1$ and that the salt in the hashed string is like this:
>
> how do you distinguish it from a plaintext password thet starts with $1$
> ?
>
> > $1$<salt>$ -- a total of 12 characters of salt if you include the $1$$
> > characters. <salt> is 9 characters. Someone can correct me if this is not
> > true. I'm not an expert. :)
>
> Well in Zope they begin with {MD5} for MD5 hash. The md5 hash itself
> knows
> nothing about salt - it is just fed to the function before the password.
> And the digest can begin with anything, possibly even \0 if not
> {uu|base64}encoded
>
> ------------
> Hannu
--
Robert B. Easter
reaster(at)comptechnews(dot)com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephan Richter | 2000-05-07 23:21:15 | Re: Re: [HACKERS] You're on SecurityFocus.com for the cleartext passwords. |
| Previous Message | Tom Lane | 2000-05-07 22:58:52 | Re: So we're in agreement.... |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephan Richter | 2000-05-07 23:21:15 | Re: Re: [HACKERS] You're on SecurityFocus.com for the cleartext passwords. |
| Previous Message | Tom Lane | 2000-05-07 22:58:52 | Re: So we're in agreement.... |