Storing of salt in freeradius

Fajar A. Nugraha list at
Wed Jan 19 08:07:30 CET 2011

On Wed, Jan 19, 2011 at 12:39 PM, Mark <mark at> wrote:

> Hi folks,
> Been trying to look for information on this but haven't been able to find
> anything, prompting me to turn to the mailing list for help.
> In the event of using salted md5 hashes for passwords, where exactly does
> one store the salt?

In the beginning of the password.

> There doesn't seem to be a place within the FR config  to do that. Any
> advice would be much appreciated.
No special place needed.

You're probably confusing MD5-Password and Crypt-Password (which in turn can
use MD5 hash). For example, if you use PAP, these three attributes will
allow access when user enter password "testpass":

Cleartext-Password := "testpass"
MD5-Password := "179ad45c6ce2cb97cf1029e212046e81"
Crypt-Password := "$1$12345678$duTc/02K9TK/XCYFyofbZ/"
Crypt-Password := "122U0BPYjrauc"

MD5-Password does not have any salt.
Crypt-Password in the first example has the salt "$1$12345678$", with
MD5-based hash (crypted passwords have the hash in front of them, which for
MD5 starts with $1$ and is 12 characters long)
Crypt-Password in the second example has the salt "12", with DES-based hash

See also:

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list