[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: using {CRYPT} for rootpw, using SHA512?

On Fri, Aug 15, 2014 at 12:49:03PM +0100, Miroslaw Baran wrote:
> How do you encode your random salt?

In the example I gave, my salt was the actual string 'random_salt',
right from the example in the URL.  Comments on the thread to that
example make it clear you should actually use a random salt, and
I've found pleny of examples that purport to generate one.  By eye,
'random_salt' matches the regex you suggest.

But, I obviously could be quite wrong with such assertions.

> SHA-512 password hash as used in
> glibc crypt() implementation requires the salt be a random string
> containing up to 16 characters drawn from the set [a-zA-Z0-9./]. I'm
> using something like this to generate the salt (and hope for the
> best):

I'll give this a shot, and report back; thanks for the feedback!

> Works quite well with our LDAP boxes.
> Best regards,
> ??? Miroslaw Baran

Brian Reichert				<reichert@numachi.com>
BSD admin/developer at large