Mike Miller wrote: > On Tue, 26 Oct 2004, Scot Jenkins wrote: > > >> Nope, it's exactly right. That's how crypt()-based authentication > >> works, precisely. It needs to know what salt the original password was > >> encrypted with, so it's the first two characters of the encrypted > >> password. It crypt()s the attempted password (from the authentication > >> attempt) with the same salt, and if the two match, the password must be > >> the same (theoretically). > > > > Would this explain the "$1$" string that starts all md5 password values > > in /etc/shadow? -- scot > > That's not how it is on my system - every password begins with a different > two-character salt string. Does 'crypt' use md5? I think it uses > something else, but I'm not 100% on that. md5 passwords start with "$1$", at least they do on Linux (/etc/shadow) and FreeBSD (/etc/master.passwd) systems. crypt passwords would start with the 2 char salt. -- scot _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota Help beta test TCLUG's potential new home: http://plone.mn-linux.org Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list