
Re: Why is the hashed pw so long?

On Tue, 14 Sep 1999, gg&ht forever wrote:

> This is really not a PAM question per se - it relates to PAM, though.
> But feel free to point me to another list. Thanks.

> I'm running RH6.0 using md5 and shadow. My understanding is that
> when MD5 hashes anything it produces a 128-bit output. 128 bits=
> 16 bytes. So, how come the hashed pw is 34 characters in /etc/shadow?

The first three characters are the magic string $1$, used to distinguish
between md5 and crypt. The next 8 characters are the salt, the 12th
character is a delimiter character ('$' again), and the remaining 22
characters are the MD5 hash.

128 / 8 = 16, but this assumes you're using all 8 bits of a character.  The
MD5 hashes in a password file are stored in a human-readable form by
convention.  I believe they're encoded in base-64: there's a pool of 64
characters to choose from, which means each character only really encodes 6
bits of data (2^6 == 64).  128 / 6 = 21 1/3, which rounded up gives you the
22 you see in /etc/shadow.

(The salt is encoded in a similar fashion--it's stored as 8 bytes in the
file, but it's really only a 48-bit salt, not 64.)

-Steve Langasek
postmodern programmer
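
Added example, not part of the original message: a Python sketch that splits a `$1$` field into the parts described above and converts the 22-character hash back to 16 bytes. It uses the crypt alphabet (`./0-9A-Za-z`) and the byte grouping that md5-crypt applies when writing the digest; the sample salt and digest are constructed, and the function names are illustrative.

```python
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# Digest byte indices md5-crypt packs into each 24-bit group (4 chars each).
GROUPS = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]


def encode_digest(digest: bytes) -> str:
    """Encode a 16-byte MD5 result as the 22 characters stored in /etc/shadow."""
    if len(digest) != 16:
        raise ValueError("MD5 digest must be 16 bytes")
    words = [(digest[a] << 16 | digest[b] << 8 | digest[c], 4) for a, b, c in GROUPS]
    words.append((digest[11], 2))  # last byte alone: 2 chars, 4 unused bits
    out = []
    for value, nchars in words:
        for _ in range(nchars):
            out.append(ITOA64[value & 0x3F])  # 6 bits per character, low bits first
            value >>= 6
    return "".join(out)


def decode_digest(text: str) -> bytes:
    """Inverse of encode_digest: 22 characters back to the 16 digest bytes."""
    if len(text) != 22 or any(ch not in ITOA64 for ch in text):
        raise ValueError("expected 22 characters from the crypt alphabet")
    digest = bytearray(16)
    for i, (a, b, c) in enumerate(GROUPS):
        value = sum(ITOA64.index(ch) << (6 * k) for k, ch in enumerate(text[4 * i:4 * i + 4]))
        digest[a], digest[b], digest[c] = value >> 16, (value >> 8) & 0xFF, value & 0xFF
    last = ITOA64.index(text[20]) | ITOA64.index(text[21]) << 6
    if last > 0xFF:
        raise ValueError("unused padding bits are set in the final character")
    digest[11] = last
    return bytes(digest)


def parse_md5_crypt(field: str) -> dict:
    """Split '$1$<salt>$<hash>' and report the sizes discussed in the message."""
    if not field.startswith("$1$") or field.count("$") != 3:
        raise ValueError("not an md5-crypt field")
    _, _, salt, encoded = field.split("$")
    # salt_bits assumes salt characters come from the 64-character alphabet.
    return {"length": len(field), "salt": salt, "salt_bits": 6 * len(salt),
            "digest": decode_digest(encoded)}


# Constructed sample: 8-character salt and a dummy digest of bytes 0..15.
SAMPLE = "$1$" + "abcdefgh" + "$" + encode_digest(bytes(range(16)))
if __name__ == "__main__":
    print(SAMPLE, parse_md5_crypt(SAMPLE))
```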
