30.01.2002, 07:58
#8
Inventar
Registered since: 24.09.2001
Posts: 7.335
Google rulez:
http://hotwired.lycos.com/webmonkey/...tw=programming
Quote:
A "salt" is a little bit of data used to skew an otherwise standard DES encryption algorithm. The salt of a DES-encrypted string is available to you as the first two characters of the final output. This is important to remember — keep on reading to find out why.
If you have used .htaccess-based authentication in the past, you know that usernames and passwords are kept in a file, usually called .htpasswd. The passwords are stored in a format something like this:
joe:WvzodahMR9USk
jane:g3RYjX5evEvdM
julie:YzASzTGEo2VMA
Now, "WvzodahMR9USk" is not Joe User's password. His password is actually "abba001," but after encryption, it looks like "WvzodahMR9USk." Which is the salt ("Wv") tacked on to the DES-encrypted version of "abba001" ("zodahMR9USk"). Similarly, "g3" is the salt used to encrypt Jane User's password, and "Yz" is the salt used to encrypt Julie User's password. By knowing the salt, you can perform password-matching as outlined below.
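Added example, not part of the post or the quoted article: a small Python audit that splits each .htpasswd entry into the two-character salt and the hash body described in the quote, and flags legacy DES crypt entries and shared salts. The `mallory`, `alice` and `bob` lines are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample: the three entries quoted above, plus three made-up
# lines (mallory, alice, bob) to exercise salt reuse and other formats.
SAMPLE = """\
joe:WvzodahMR9USk
jane:g3RYjX5evEvdM
julie:YzASzTGEo2VMA
mallory:WvAAAAAAAAAAA
alice:$apr1$Cons7ruc$0000000000000000000000
bob:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
"""

# Traditional crypt(3): 2 salt chars + 11 hash chars, alphabet ./0-9A-Za-z
DES_CRYPT = re.compile(r"^([./0-9A-Za-z]{2})([./0-9A-Za-z]{11})$")
PREFIXES = {"$apr1$": "apr1-md5", "$2y$": "bcrypt", "$5$": "sha256-crypt",
            "$6$": "sha512-crypt", "{SHA}": "sha1-unsalted"}

def parse_entry(line):
    """Split one 'user:hash' line; the salt is only extracted for DES crypt."""
    user, _, stored = line.strip().partition(":")
    m = DES_CRYPT.match(stored)
    if m:
        return {"user": user, "scheme": "des-crypt",
                "salt": m.group(1), "hash": m.group(2)}
    for prefix, scheme in PREFIXES.items():
        if stored.startswith(prefix):
            return {"user": user, "scheme": scheme, "salt": None, "hash": stored}
    return {"user": user, "scheme": "unknown", "salt": None, "hash": stored}

def audit(text):
    """Return (entries, findings); findings are (subject, issue) tuples."""
    entries = [parse_entry(l) for l in text.splitlines() if l.strip()]
    findings, by_salt = [], {}
    for e in entries:
        if e["scheme"] == "des-crypt":
            findings.append((e["user"], "legacy DES crypt: 12-bit salt, "
                             "only the first 8 password characters count"))
            by_salt.setdefault(e["salt"], []).append(e["user"])
        elif e["scheme"] == "sha1-unsalted":
            findings.append((e["user"], "unsalted SHA-1"))
        elif e["scheme"] == "unknown":
            findings.append((e["user"], "unrecognised format"))
    for salt, users in by_salt.items():
        if len(users) > 1:  # same salt: identical passwords give identical hashes
            findings.append((",".join(users), f"salt {salt!r} shared"))
    return entries, findings

if __name__ == "__main__":
    for subject, issue in audit(SAMPLE)[1]:
        print(f"{subject}: {issue}")
```

Entries flagged as legacy DES crypt are candidates for re-hashing with a stronger scheme such as bcrypt the next time the user's password is set.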