On Wed, Jan 19, 2011 at 4:05 PM, Mark <mark@edgewire.sg> wrote:
Hi Fajar,

How did you generate that hash? md5sum of "testpass" doesn't return that value for me.


the MD5-password? Probably due to new line effect. I created it using php's md5 function (http://php.net/manual/en/function.md5.php)

$ echo "<?=md5('testpass');?>"|php;echo
179ad45c6ce2cb97cf1029e212046e81
$ echo -n testpass | md5sum
179ad45c6ce2cb97cf1029e212046e81  -
$ echo testpass | md5sum
0ba06b1790d48b9baf71162124a04685  -

mysql> select md5('testpass');
+----------------------------------+
| md5('testpass')                  |
+----------------------------------+
| 179ad45c6ce2cb97cf1029e212046e81 |
+----------------------------------+
1 row in set (0.14 sec)

See the difference between second and third example?

-- 
Fajar

 
On 19-Jan-2011, at 3:07 PM, Fajar A. Nugraha wrote:

On Wed, Jan 19, 2011 at 12:39 PM, Mark <mark@edgewire.sg> wrote:
Hi folks,

Been trying to look for information on this but haven't been able to find anything, prompting me to turn to the mailing list for help.

In the event of using salted md5 hashes for passwords, where exactly does one store the salt?

In the beginning of the password.
 
There doesn't seem to be a place within the FR config  to do that. Any advice would be much appreciated.


No special place needed.

You're probably confusing MD5-Password and Crypt-Password (which in turn can use MD5 hash). For example, if you use PAP, these three attributes will allow access when user enter password "testpass":

Cleartext-Password := "testpass"
MD5-Password := "179ad45c6ce2cb97cf1029e212046e81"
Crypt-Password := "$1$12345678$duTc/02K9TK/XCYFyofbZ/"
Crypt-Password := "122U0BPYjrauc"

MD5-Password does not have any salt.
Crypt-Password in the first example has the salt "$1$12345678$", with MD5-based hash (crypted passwords have the hash in front of them, which for MD5 starts with $1$ and is 12 characters long)
Crypt-Password in the second example has the salt "12", with DES-based hash

See also:

-- 
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html