
Re: Why is the hashed pw so long?

Stephen or anyone,
Can you give me a pointer (website, book, etc.) to more of the gory
details of the MD5 password hash?  Such as the encoding of the
result, and exactly how the salt is used in the hash, etc.  Your
description below is the most detail I have found on this.  But, I am
looking for a few more specifics.  Your help is most appreciated.
Randy Labaza

stephen langasek <vorlo-@netexpress.net> wrote:
original article: http://www.egroups.com/group/pam-list/?start=1903
> On Tue, 14 Sep 1999, gg&ht forever wrote:
> > This is really not a PAM question per se - it relates to PAM, though.
> > But feel free to point me to another list. Thanks.
> > I'm running RH6.0 using md5 and shadow. My understanding is that
> > when MD5 hashes anything it produces a 128-bit output. 128 bits=
> > 16 bytes. So, how come the hashed pw is 34 characters in /etc/shadow?
> The first three characters are the magic string $1$, used to distinguish
> between md5 and crypt. The next 8 characters are the salt, the 12th
> character is a delimiter character ('$' again), and the remaining 22
> characters are the MD5 hash.
> 128 / 8 = 16, but this assumes you're using all 8 bits of a character.  The
> MD5 hashes in a password file are stored in a human-readable form by
> convention.  I believe they're encoded in base-64: there's a pool of 64
> characters to choose from, which means each character only really encodes 6
> bits of data (2^6 == 64).  128 / 6 = 21 1/3, which rounded up gives you the
> 22 you see in /etc/shadow.
> (The salt is encoded in a similar fashion--it's stored as 8 bytes in the
> file, but it's really only a 48-bit salt, not 64.)
> -Steve Langasek
> postmodern programmer
> --
> To unsubscribe: mail -s unsubscribe pam-list-request@redhat.com < /dev/null
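
The 34-character layout described in the quoted reply, as an added example that is not part of either post: a parser that splits a `$1$` field and unpacks the 22 characters back into the 16-byte digest. It assumes the crypt(3) 64-character alphabet and the byte ordering used by common md5-crypt implementations; the sample salt and digest are constructed, not a real password hash.

```python
import re

# crypt(3) alphabet: 64 symbols, 6 bits each (not the RFC 4648 base64 order)
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# md5-crypt packs digest bytes three at a time in this order; byte 11 goes last
ORDER = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
# Assumption: salt limited to the same alphabet, 1 to 8 characters
FIELD = re.compile(r"\$1\$([./0-9A-Za-z]{1,8})\$([./0-9A-Za-z]{22})")

def encode_digest(digest: bytes) -> str:
    """16 raw bytes -> 22 characters, low 6 bits of each group first."""
    groups = [(digest[a] << 16 | digest[b] << 8 | digest[c], 4) for a, b, c in ORDER]
    groups.append((digest[11], 2))  # one byte spread over two characters
    out = []
    for value, width in groups:
        for _ in range(width):
            out.append(ITOA64[value & 0x3F])
            value >>= 6
    return "".join(out)

def parse_md5_crypt(field: str) -> dict:
    """Split a $1$ shadow field and recover the 128-bit digest."""
    m = FIELD.fullmatch(field)
    if not m:
        raise ValueError("not an md5-crypt ($1$) field")
    salt, text = m.groups()
    digest = bytearray(16)
    for i, (a, b, c) in enumerate(ORDER):
        chunk = text[4 * i:4 * i + 4]
        value = sum(ITOA64.index(ch) << (6 * k) for k, ch in enumerate(chunk))
        digest[a], digest[b], digest[c] = value >> 16, (value >> 8) & 0xFF, value & 0xFF
    last = ITOA64.index(text[20]) | ITOA64.index(text[21]) << 6
    if last > 0xFF:
        # 22 chars hold 132 bits; the 4 spare bits in the last char must be zero
        raise ValueError("final character carries more than 2 bits")
    digest[11] = last
    return {"salt": salt, "salt_bits": 6 * len(salt), "digest": bytes(digest),
            "hash_chars": len(text), "payload_bits": 8 * len(digest)}

# Constructed sample: digest bytes 0..15 and a made-up salt, not a real password hash
SAMPLE = "$1$" + "abcdefgh" + "$" + encode_digest(bytes(range(16)))

if __name__ == "__main__":
    print(len(SAMPLE), parse_md5_crypt(SAMPLE))
```

Because 22 characters carry 132 bits for a 128-bit digest, the last character of a well-formed field can only be one of `.`, `/`, `0` or `1`, which makes a quick sanity check when inspecting shadow entries.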
