On Mon, Sep 15, 2003 at 06:10:04PM -0400, Charles Sprickman
wrote:> Hi,
>
> I was looking at the crypt(3) manpage, and I'm having a hard time
figuring
> out what the allowed characters are for the salt in md5 and blowfish
> encryption. For DES, it clearly states that only numbers, letters and
> digits may be used.
>
> Does anyone know the rules for md5/blowfish salt characters?
Well, a quick websearch on 'Modular Crypt Format', the name of the
password format containing encryption algorithm magic, optional number
of rounds, salt, and password hash, did not really turn up any
standards or papers; maybe others would be more knowledgeable in
this area. However, I did find a 07/99 post from Kris Kennaway at
http://www.geocrawler.com/archives/3/169/1999/7/0/2467424/ in which
he mentions that the salt is base64-encoded.
The crypt.c and crypt-md5.c files in src/lib/libcrypt/ do not really
pose any restrictions on the salt, short of the obvious one of its
not containing a '$' character :)
I guess going with the base64 characters would be a good bet.
G'luck,
Peter
--
Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
If I were you, who would be reading this sentence?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :
http://lists.freebsd.org/pipermail/freebsd-security/attachments/20030916/8d321f63/attachment.bin