Storing of salt in freeradius

Fajar A. Nugraha list at fajar.net
Wed Jan 19 10:28:55 CET 2011 

On Wed, Jan 19, 2011 at 4:05 PM, Mark <mark at edgewire.sg> wrote:

> Hi Fajar,
>
> How did you generate that hash? md5sum of "testpass" doesn't return that
> value for me.
>
>
the MD5-password? Probably due to new line effect. I created it using php's
md5 function (http://php.net/manual/en/function.md5.php)

$ echo "<?=md5('testpass');?>"|php;echo
179ad45c6ce2cb97cf1029e212046e81
$ echo -n testpass | md5sum
179ad45c6ce2cb97cf1029e212046e81  -
$ echo testpass | md5sum
0ba06b1790d48b9baf71162124a04685  -

mysql> select md5('testpass');
+----------------------------------+
| md5('testpass')                  |
+----------------------------------+
| 179ad45c6ce2cb97cf1029e212046e81 |
+----------------------------------+
1 row in set (0.14 sec)

See the difference between second and third example?

-- 
Fajar



> On 19-Jan-2011, at 3:07 PM, Fajar A. Nugraha wrote:
>
> On Wed, Jan 19, 2011 at 12:39 PM, Mark <mark at edgewire.sg> wrote:
>
>> Hi folks,
>>
>> Been trying to look for information on this but haven't been able to find
>> anything, prompting me to turn to the mailing list for help.
>>
>> In the event of using salted md5 hashes for passwords, where exactly does
>> one store the salt?
>
>
> In the beginning of the password.
>
>
>> There doesn't seem to be a place within the FR config  to do that. Any
>> advice would be much appreciated.
>>
>>
> No special place needed.
>
> You're probably confusing MD5-Password and Crypt-Password (which in turn
> can use MD5 hash). For example, if you use PAP, these three attributes will
> allow access when user enter password "testpass":
>
> Cleartext-Password := "testpass"
> MD5-Password := "179ad45c6ce2cb97cf1029e212046e81"
> Crypt-Password := "$1$12345678$duTc/02K9TK/XCYFyofbZ/"
> Crypt-Password := "122U0BPYjrauc"
>
> MD5-Password does not have any salt.
> Crypt-Password in the first example has the salt "$1$12345678$", with
> MD5-based hash (crypted passwords have the hash in front of them, which for
> MD5 starts with $1$ and is 12 characters long)
> Crypt-Password in the second example has the salt "12", with DES-based hash
>
> See also:
> http://freeradius.org/radiusd/man/rlm_pap.txt
> http://en.wikipedia.org/wiki/Crypt_(Unix)#MD5-based_scheme
> http://id.php.net/manual/en/function.crypt.php
>
> --
> Fajar
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110119/50719237/attachment.html>

More information about the Freeradius-Users mailing list