2022-02-02 19:45:01 +00:00
= Unix password scheme =
== Logging in ==
* Feed the password and salt into the hash function
* Store the result in a local file, including:
** user id
** salt
** hash
== Logging out ==
* The user id is fetched, along with the salt
* The given password is hashed with the salt
* The stored hash is compared against the output hash
== Improvements ==
* Use MD5 hash
2022-02-02 20:00:01 +00:00
** 48-bit salt
** Password length is unlimited
** 128-bit hash
** Uses an inner loop with 1000 iterations
* OpenBSD uses a Blowfish-based hash called bcrypt
** Most secure Unix hash/salt scheme
** Uses a 128-bit salt to make a 192-bit hash value
* Use a shadow password file
** Separate file with the hash; a different file holds the ID
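
The store and verify steps above, together with the salt, iteration count and shadow-file split from the improvements list, as an added example that is not part of the original notes. PBKDF2-HMAC-SHA256 from the Python standard library stands in for the MD5 and bcrypt schemes; the iteration count, the line format and the users are assumptions made for the sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch (the MD5 scheme above loops 1000 times)
SALT_BYTES = 16       # 128-bit salt, the size the notes give for bcrypt


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Slow salted hash; PBKDF2-HMAC-SHA256 is a stand-in, not md5crypt or bcrypt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_shadow_entry(user: str, password: str) -> str:
    """Build one shadow-style line: user:iterations$salt$hash (constructed format)."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    digest = hash_password(password, salt)
    return f"{user}:{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(shadow_lines: list[str], user: str, password: str) -> bool:
    """Fetch the user's salt, re-hash the given password, compare with the stored hash."""
    for line in shadow_lines:
        name, _, field = line.partition(":")
        if name != user:
            continue
        iterations, salt_hex, digest_hex = field.split("$")
        candidate = hash_password(password, bytes.fromhex(salt_hex), int(iterations))
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    return False  # unknown user


# Constructed sample data: the passwd list holds IDs only, the shadow list holds the hashes.
passwd = ["alice:1000", "bob:1001"]
shadow = [make_shadow_entry("alice", "correct horse"),
          make_shadow_entry("bob", "correct horse")]

if __name__ == "__main__":
    print(verify(shadow, "alice", "correct horse"))
    print(verify(shadow, "alice", "wrong"))
    # Same password, different salts: the stored fields differ.
    print(shadow[0].split(":", 1)[1] != shadow[1].split(":", 1)[1])
```

Because each entry carries its own salt, two users with the same password get different stored hashes, so one precomputed table cannot be reused across accounts.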