The Unix crypt function takes a mysterious salt parameter, used to thwart giant precomputed dictionaries that translate common words straight into hashes.
In the default (DES-based) mode, only the first two characters of the salt are significant, and they are chosen from the 64-character set [A-Za-z0-9/.] (or "slashdot"). Only the first 8 characters of the password are significant in the DES-based scheme.
However, if the first three characters of the salt are "$1$", the next eight characters (all bits significant, but the salt is truncated at the first dollar sign that follows) form the salt of an MD5-based hash, which also allows passwords of unlimited length.
Here is some messy perl code from within a shell script. Perhaps, though, the salt should be chosen with rand(), as perldoc -f crypt suggests.
read -s password
# two salt characters drawn with rand() from the slashdot set, the way perldoc -f crypt shows it
salt=`perl -e 'print join "", (".", "/", 0..9, "A".."Z", "a".."z")[rand 64, rand 64]'`
# \x24 is "$"; it is written as an escape so the shell does not expand it before perl sees it
# note that the shell interpolates $password and $salt into the perl source before it runs
secr=`perl -we "print crypt(q($password), qq(\x24) . q(1) . qq(\x24) . q($salt)), qq(\n);"`
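As an added example (not part of the original post), here is Python that applies the salt rules above without calling crypt itself: it draws a salt from the slashdot set with a CSPRNG instead of rand(), and splits a crypt setting string into its scheme and the salt that crypt would actually use (two characters for DES; up to eight, cut at the first "$", for "$1$"). Function names are my own.

```python
import secrets

# The 64-character "slashdot" set that traditional crypt(3) salts are drawn from.
SALT_CHARS = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def make_salt(md5=False):
    """Return a fresh salt prefix for crypt(3).

    DES mode: two characters from SALT_CHARS.
    MD5 mode: "$1$" + eight characters + "$", so crypt sees exactly eight
    salt characters before the terminating dollar sign.
    Uses the secrets module (CSPRNG) rather than rand().
    """
    body = "".join(secrets.choice(SALT_CHARS) for _ in range(8 if md5 else 2))
    return f"$1${body}$" if md5 else body


def split_salt(setting):
    """Return (scheme, effective_salt) for a crypt(3) setting or hash string.

    "$1$...":      MD5-crypt; the salt runs to the next '$', at most 8 characters.
    anything else: DES; only the first two characters are significant.
    """
    if setting.startswith("$1$"):
        return "md5", setting[3:].split("$", 1)[0][:8]
    if len(setting) < 2:
        raise ValueError("DES salt needs at least two characters")
    return "des", setting[:2]


def salt_problems(setting):
    """List human-readable problems with a setting string; empty if it is fine.

    DES salts must come from SALT_CHARS. For MD5-crypt, characters past the
    eighth (or past the first '$') are silently ignored, which is worth flagging.
    """
    scheme, salt = split_salt(setting)
    problems = []
    if scheme == "des":
        bad = sorted(set(salt) - set(SALT_CHARS))
        if bad:
            problems.append(f"DES salt uses characters outside the 64-char set: {bad}")
    else:
        body = setting[3:].split("$", 1)[0]
        if len(body) > 8:
            problems.append(f"MD5 salt '{body}' is longer than 8 chars; only '{salt}' is used")
        if len(body) == 0:
            problems.append("MD5 salt is empty")
    return problems
```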
Hopefully a SHA-256 (etc) based hash can be standardized soon.