Sys AdminLinux...General TipsUnderstandin...

Understanding Linux Password Hashes

Tuesday, July 13, 2004 by digitalpeer, updated Friday, August 6, 2004

Just thought I would comment on something I ran across on your site.

On your page, http://hills.ccsf.org/~jharri01/project.html#passwords you
speculated that the first 8 chars of the MD5 hash had special meaning
but didn't know what it was. It's the salt for the MD5 hash. When the
password is hashed using MD5, it requires a salt (which by standard is
almost always completely random/time generated by whatever command
creates the password). I suppose the greatest meaning for the salt, is
to stop users with the same password from having the same hash.
So, the complete hash is made up of $1$_SALT_$_MD5_HASH_. The "$1$" is
referred to as the "magic" and in some cases is used to determine if
this is a MD5 hash and not something else (DES) like you said. So, when
somebody wants to use the new version of crypt() to see if a password is
correct by comparing hashes, they still need the original hash salt to
create the new hash.

All this is just the result of me fooling around in the sources.

Submit Comment to This Article - Be the first!

Please post a comment if you have something to add, find something wrong, or would like more information on the topic at hand. Do not use the comment form to contact the author about unrelated concerns!

Name: Email (optional):
Enter verification number here: