= Unix password scheme =

== Logging in ==
* Take password and salt into hash function
* Store the result in a local file, including
** user ID
** salt
** hash

== Logging out ==
* User ID is fetched, as well as salt
* Given password is hashed with salt
* Compare stored hash against outputted hash

== Improvements ==
* Use MD5 hash
** 48-bit salt
** password length is unlimited
** 128-bit hash
** uses inner loop with 1000 iterations
* OpenBSD uses Blowfish-based hash called Bcrypt
** most secure Unix hash/salt scheme
** uses 128-bit salt to make 192-bit hash value
* Use a shadow password file
** separate file with hash; different file with ID
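
The store-and-verify flow described above, as an added example that is not part of the original notes. PBKDF2-HMAC-SHA256 stands in for the MD5-based and Bcrypt hashes; the function names, the `salt$hash` record layout and the in-memory `shadow` dict (a stand-in for the shadow file) are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 1000  # the inner-loop count noted above; modern deployments use far more
SALT_BYTES = 16    # 128-bit salt, the size noted above for Bcrypt


def _hash(password: str, salt: bytes) -> bytes:
    # Swapped-in iterated hash: PBKDF2-HMAC-SHA256, not MD5-crypt or Bcrypt.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def store_password(shadow: dict, user_id: str, password: str) -> str:
    """Hash the password with a fresh random salt; record salt and hash under the user id."""
    salt = os.urandom(SALT_BYTES)
    digest = _hash(password, salt)
    entry = "$".join(base64.b64encode(x).decode("ascii") for x in (salt, digest))
    shadow[user_id] = entry
    return entry


def verify_password(shadow: dict, user_id: str, candidate: str) -> bool:
    """Fetch the user's salt, re-hash the candidate, compare against the stored hash."""
    entry = shadow.get(user_id)
    if entry is None:
        # Unknown user: do the hash work anyway so timing does not reveal which ids exist.
        _hash(candidate, b"\x00" * SALT_BYTES)
        return False
    salt_b64, digest_b64 = entry.split("$")
    salt = base64.b64decode(salt_b64)
    stored = base64.b64decode(digest_b64)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(stored, _hash(candidate, salt))


def demo() -> dict:
    shadow = {}  # constructed sample data: hashes kept apart from other account info
    store_password(shadow, "alice", "correct horse")
    store_password(shadow, "bob", "correct horse")  # same password, different salt
    return shadow


if __name__ == "__main__":
    s = demo()
    print("entries differ:", s["alice"] != s["bob"])
    print("good password:", verify_password(s, "alice", "correct horse"))
    print("bad password:", verify_password(s, "alice", "wrong guess"))
```

Because each entry has its own random salt, two users with the same password get different stored hashes, so one precomputed table cannot be reused across accounts.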