On Wed, Jan 19, 2011 at 12:39 PM, Mark
<mark@edgewire.sg> wrote:
Hi folks,
Been trying to look for information on this but haven't been able to find anything, prompting me to turn to the mailing list for help.
In the event of using salted md5 hashes for passwords, where exactly does one store the salt?
In the beginning of the password.
There doesn't seem to be a place within the FR config to do that. Any advice would be much appreciated.
No special place needed.
You're probably confusing MD5-Password and Crypt-Password (which in turn can use MD5 hash). For example, if you use PAP, these three attributes will allow access when user enter password "testpass":
Cleartext-Password := "testpass"
MD5-Password := "179ad45c6ce2cb97cf1029e212046e81"
Crypt-Password := "$1$12345678$duTc/02K9TK/XCYFyofbZ/"
Crypt-Password := "122U0BPYjrauc"
MD5-Password does not have any salt.
Crypt-Password in the first example has the salt "$1$12345678$", with MD5-based hash (crypted passwords have the hash in front of them, which for MD5 starts with $1$ and is 12 characters long)
Crypt-Password in the second example has the salt "12", with DES-based hash
See also:
--
Fajar
-