Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!zaphod.mps.ohio-state.edu!rpi!uupsi!sunic!dkuug!diku!kimcm
From: kimcm@diku.dk (Kim Christian Madsen)
Newsgroups: comp.unix.admin
Subject: Re: Is the encrypted password's salt simply random?
Message-ID: <1991Feb27.125836.3382@odin.diku.dk>
Date: 27 Feb 91 12:58:36 GMT
References: <1991Feb26.201846.22584@rigel.econ.uga.edu>
Sender: news@odin.diku.dk (Netnews System)
Organization: Department of Computer Science, U of Copenhagen
Lines: 22

glenn@rigel.econ.uga.edu (Glenn F. Leavell) writes:

>I'm writing a simple C program to encrypt passwords, so that I can call
>it from a shell script when generating new accounts. To generate the
>encrypted password, I'm making use of the crypt() function:
>    char *crypt( char *password, char *salt )
>I'm using a randomly generated two-character salt from the set [a-zA-Z0-9./],
>and everything seems to be working fine. Here's my question: is this
>the right way to choose the salt - just a random thing?

The salt is chosen from the indicated range at random; that is, there is
a minor twist. Usually you use only the time to seed the random generator;
this is also done in finding the salt, however the result of getpid is
also used in order to make it further random (two users updating their
passwords at the same time will not get the same salt).

Kim Chr. Madsen
kimcm@diku.dk
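Added example, not part of the original post: a C sketch of the two-character salt generation discussed above. salt_from_time_pid follows the clock-plus-getpid idea in the reply (how the two values are combined, and using the sum directly instead of seeding a generator, are assumptions); salt_from_urandom is an alternative that assumes a /dev/urandom device. All function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <sys/types.h>
#include <unistd.h>

/* The 64-character salt alphabet [a-zA-Z0-9./] named in the post. */
static const char SALT_CHARS[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Encode the low 12 bits of v as two salt characters (6 bits each). */
static void encode_salt(unsigned long v, char out[3])
{
    out[0] = SALT_CHARS[v & 0x3f];
    out[1] = SALT_CHARS[(v >> 6) & 0x3f];
    out[2] = '\0';
}

/* Clock mixed with the process ID (assumed mixing: addition). The result is
 * fixed for a given (time, pid): it spreads salts out, nothing more. */
void salt_from_time_pid(time_t now, pid_t pid, char out[3])
{
    encode_salt((unsigned long)now + (unsigned long)pid, out);
}

/* Alternative, assuming /dev/urandom exists. 64 divides 256, so keeping
 * 6 bits of each byte is unbiased. Returns 0 on success, -1 on failure. */
int salt_from_urandom(char out[3])
{
    unsigned char b[2];
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t n = fread(b, 1, sizeof b, f);
    fclose(f);
    if (n != sizeof b) return -1;
    encode_salt((b[0] & 0x3fUL) | ((b[1] & 0x3fUL) << 6), out);
    return 0;
}

/* True if s is exactly two characters from the salt alphabet. */
int salt_is_valid(const char *s)
{
    return strlen(s) == 2 && strspn(s, SALT_CHARS) == 2;
}

int main(void)
{
    char s[3];
    salt_from_time_pid(time(NULL), getpid(), s);
    printf("time+pid salt: %s\n", s);
    if (salt_from_urandom(s) == 0) printf("urandom salt:  %s\n", s);
    return 0;
}
```

Either salt string can be passed as the second argument to crypt(); the salt is stored in the clear as the first two characters of the result, so its job is to differ between accounts, not to be secret.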