*BSD News Article 94189


Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.Hawaii.Edu!news.caldera.com!enews.sgi.com!ix.netcom.com!news-peer.sprintlink.net!news.sprintlink.net!sprint!uunet!in2.uu.net!206.139.252.5!newsreader.com!not-for-mail
From: curt@kcwc.com (Curt Welch)
Newsgroups: comp.unix.bsd.freebsd.misc,comp.security.unix
Subject: Re: how MD5 works
Date: 22 Apr 1997 14:59:04 GMT
Organization: KCW Consulting
Lines: 27
Message-ID: <8xdE$50@NewsReader.Com>
References: <01bc4ecf$0b2c9840$2fa56bc7@jasmin>
NNTP-Posting-Host: h4.kcwc.com
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:39527 comp.security.unix:33869

"Jian L. Zhen" <jlz@isli.com> wrote:
> I read through some material for MD5 and it seems that MD5, as a one-way hash
> function, will generate the same results with the same input every time.

> Am I correct?

Yes.

> Is there anything in [the FreeBSD Password] algorithm that might
> make the result variable each time?

Yes.  A salt is added.  It's a random number up to 48 bits in length.
This is the same technique that's used with the standard Unix
DES (like) password encryption algorithm.

The salt and the password are passed through a complex series of
operations using MD5 to produce the final 128-bit hash value.  The
salt along with the resulting hash value is stored in the password
file using a base 64 encoding scheme.  It looks something like this:

$1$v8TTaEgJ$bkb06FH3gkHU5Igj95VG.0
            ^^^^^^^^^^^^^^^^^^^^^^ hash value
   ^^^^^^^^ salt
^^^ Magic String

Curt Welch
http://CurtWelch.Com/
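
An added example, not part of the original post: a Python sketch of the `$1$` scheme showing that the same password and salt always give the same field, while a fresh salt changes it. The function names are this example's own, and the round structure follows the commonly published md5crypt algorithm (an assumption, since the post does not spell it out).

```python
import hashlib, hmac, secrets
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MAGIC = "$1$"
SAMPLE = "$1$v8TTaEgJ$bkb06FH3gkHU5Igj95VG.0"  # the field shown in the post

def parse(field):
    """Split '$1$salt$hash' into (salt, hash); reject anything malformed."""
    if not field.startswith(MAGIC):
        raise ValueError("not an MD5 crypt field")
    salt, sep, digest = field[len(MAGIC):].partition("$")
    if (not sep or len(salt) > 8 or len(digest) != 22
            or not set(salt + digest) <= set(ITOA64)):
        raise ValueError("malformed MD5 crypt field")
    return salt, digest

def md5crypt(password, salt):
    """Return the full '$1$salt$hash' field for a password and salt."""
    pw, s = password.encode(), salt[:8].encode()
    alt = hashlib.md5(pw + s + pw).digest()
    ctx = hashlib.md5(pw + MAGIC.encode() + s)
    for n in range(len(pw), 0, -16):       # mix in alt, one byte per password byte
        ctx.update(alt[:min(n, 16)])
    n = len(pw)
    while n:                               # one byte per bit of the password length
        ctx.update(b"\0" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):                  # fixed stretching rounds
        h = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            h.update(s)
        if i % 7:
            h.update(pw)
        h.update(final if i & 1 else pw)
        final = h.digest()
    # 16 bytes (128 bits) become 22 characters, low 6 bits first
    groups = [(final[a] << 16 | final[b] << 8 | final[c], 4)
              for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))]
    groups.append((final[11], 2))
    digest = "".join(ITOA64[(v >> 6 * k) & 63] for v, n in groups for k in range(n))
    return f"{MAGIC}{salt[:8]}${digest}"

def new_salt():
    return "".join(secrets.choice(ITOA64) for _ in range(8))  # 8 chars x 6 bits = 48 bits

def verify(password, stored):
    """Re-hash the candidate with the stored salt and compare in constant time."""
    salt, _ = parse(stored)
    return hmac.compare_digest(md5crypt(password, salt), stored)
```

Verification never needs the salt to be secret: it is read back out of the stored field, which is why the salt is kept next to the hash.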