[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: using {CRYPT} for rootpw, using SHA512?

To: Miroslaw Baran <miroslaw@demonware.net>
Subject: Re: using {CRYPT} for rootpw, using SHA512?
From: Brian Reichert <reichert@numachi.com>
Date: Fri, 15 Aug 2014 09:40:39 -0400
Cc: Brian Reichert <reichert@numachi.com>, openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <CAMSfXX+CiBV6ddW4rv_9EBjjCRL0cc9z_3=7q5uCu1svjqcGaA@mail.gmail.com>
References: <20140814200516.GI30182@numachi.com> <CAMSfXX+CiBV6ddW4rv_9EBjjCRL0cc9z_3=7q5uCu1svjqcGaA@mail.gmail.com>
User-agent: Mutt/1.5.9i

On Fri, Aug 15, 2014 at 12:49:03PM +0100, Miroslaw Baran wrote:
> How do you encode your random salt?

In the example I gave, my salt was the actual string 'random_salt',
right from the example in the URL.  Comments on the thread to that
example make it clear you should actually use a random salt, and
I've found pleny of examples that purport to generate one.  By eye,
'random_salt' matches the regex you suggest.

But, I obviously could be quite wrong with such assertions.

> SHA-512 password hash as used in
> glibc crypt() implementation requires the salt be a random string
> containing up to 16 characters drawn from the set [a-zA-Z0-9./]. I'm
> using something like this to generate the salt (and hope for the
> best):

I'll give this a shot, and report back; thanks for the feedback!

> Works quite well with our LDAP boxes.
> 
> Best regards,
> ??? Miroslaw Baran

-- 
Brian Reichert				<reichert@numachi.com>
BSD admin/developer at large

Follow-Ups:
- Re: using {CRYPT} for rootpw, using SHA512?
  - From: Miroslaw Baran <miroslaw@makabra.org>

References:
- using {CRYPT} for rootpw, using SHA512?
  - From: Brian Reichert <reichert@numachi.com>

Prev by Date: Re: pwdChangedTime/authTimestamp, MMR etc.
Next by Date: Re: using {CRYPT} for rootpw, using SHA512?
Index(es):
- Chronological
- Thread