Home > authentication > How does the authentication process with the salted hash in shadow work

How does the authentication process with the salted hash in shadow work

May 5Hits:0
Advertisement

Does the supplied password during login get converted to a salted hash and then compared to the one in /etc/shadow? /what if the user is in LDAP but not in the shadow file? Would it use kerberos?

Answers

For salt, the idea is simple:

3DES for example has 11 characters of hashed password plus 2 characters of salt. Lets say the outcome is: SSHHHHHHHHHHH. That's what's stored in the shadow file. I.e. both the salt and the hash.

Once I type my password, the library gets the shadow entry, extracts the salt (first two characters), combines the salt with my unencrypted password (the one I just typed) and generates a new hash. If the new hash is the same as the one in the shadow file then it means that my password matches the original one.

The idea is the same behind all cases of salted hashes. The format in the shadow file has changed a bit to be easier to distinguish between different hash algorithms but eventually all that is stored are: (optionally) an id that identifies the hashing function, the salt and the hash. Then using any inputed password, the system generates a new hash (by applying the hashing function to the salt+password) and compares that with the stored one.

For LDAP I believe that this is the same. I.e. the system fetches the entry from LDAP and performs the same set of functions.

Related Articles

  • How does the authentication process with the salted hash in shadow workMay 5

    Does the supplied password during login get converted to a salted hash and then compared to the one in /etc/shadow? /what if the user is in LDAP but not in the shadow file? Would it use kerberos? --------------Solutions------------- For salt, the ide

  • IIS7 FTP Setup - An error occured during the authentication process. 530 End Login failedOctober 23

    I'm having a problem very similar to IIS 7.5 FTP IIS Manager Users Login Fail (530) on Windows Server 2008 R2 Standard. I have created an FTP site and IIS Manager user but am having trouble logging in. I could really do with getting this working with

  • is RDP7.0 authentication process secure enough?January 22

    Latest version RDP used NLA, CredSSP and TLS to secure the authentication process. It sound like secure but in reality does it really secure enough. I knew that the previous version RDP is vulnerability to man-in-middle attacks, does this attack bein

  • Asynchronous vs. Synchronous authentication processJune 19

    I'm currently developing a web application using Node.js (server-side JavaScript) and MongoDB (NoSQL database). I'm at the stage where I have to design the authentication and I had a question about asynchronous programming. One of the advantages of u

  • How can salted, hashed password storage be combined with a plaintext, nonce and hash based authentication?July 12

    My understanding is as follows: To securely store a password (e.g. in a database), you use a hashing algorithm designed for this purpose (designed to be slow, e.g. bcrypt), and you use a unique salt for each password. This makes it hard/slow for an a

  • Can the client certificate authentication process treated as a user digitally signed the content(and then get verified on the server)?September 4

    The authentication was triggered by certain event (like approving button) on the form. In the process of client certificate authentication (in IIS), user was asked to use their PIN (private key) and after authentication, a certificate information is

  • Design of user database and basic authentication process July 23

    I want to know if somebody can give me very briefly information describing the design of a user database and the basic authentication process please? Thank you

  • How to express that a form is part of a authenticity process?

    How to express that a form is part of a authenticity process?October 20

    I'm working on an app so user can ensure the products they are going to buy is not counterfeit and tracks its shipping. Tests To do so, we went for a form where people input a product's security code and submit to check its authenticity against our d

  • Is there any good reason not to salt/hash passwords you store?May 30

    Two organisations I frequently deal with (including my bank) ask me my password to authenticate myself with them... well... they ask for "random" characters from my password. As I understand it, this means that the password cannot be being store

  • Why are salted hashes more secure?February 20

    I know there are many discussions on salted hashes, and I understand that the purpose is to make it impossible to build a rainbow table of all possible hashes (generally up to 7 characters). My understanding is that the random salted values are simpl

  • Authentication: Username (email) and password hashed together in one database fieldOctober 12

    I am currently developping a platform with a PHP framework for our client. The head of the client's IT department wants us to handle authentication with one database field containing email+password+salt (hashed) so there isn't a plain text email fiel

  • How to set up salt hash while installing Drupal 7?November 19

    I am no expert in salt hash but while I was installing Acquia Dev, I noticed a variable $drupal_hash_salt, filled with a randomly generated string, in settings.php of newly installed Drupal 7 and a file called .hashlist under root drupal installation

  • Can a salted hash be an effective MAC?January 22

    An HMAC is basically a "keyed hash". Only the correct message and the correct key will produce a particular hash digest efficiently. Conceptually speaking, the same can be said for a salted hash; only the correct message and the same salt value

  • Difference between salted hash and keyed hashing?October 3

    A cryptographic salt is additional input other than message itself for a hash function so that it prevents attacker from launching dictionary attacks . Usually the salt is stored along with the hash of say the password etc. Keyed Hashing is secret ke

  • Is hashing of just "username + password" as safe as salted hashingAugust 19

    I want to hash "user + password". [EDIT: prehashing "user" would be an improvement, so my question is also for hashing "hash(user) + password". If cross-site same user is a problem then the hashing changed to hashing "ha

  • Authenticate User Salted Hash Without UsernameSeptember 10

    I've got a page with a login system where you type your username and password, the salted hash gets pulled down from the database depending on the username ... SELECT hash FROM db WHERE username = ? bind theSubmittedUsername The potential password is

  • What is better salted hash or openssl encryption?June 1

    Im using php and I was looking to store passwords in a mysql database. I was wondering what would be safer to use a salted hash or openssl encryption? If i use a unique random generated salted hash for each user and store the salt on the database, is

  • Is this a good practice of password salt/hash? February 28

    Original: http://www.php.net/manual/en/function.crypt.php#114060 I've removed the original author's comments to give you a quick glance at the code. Visit the link for detailed explanations of each method's use. I've tested it with success and since

  • Accepting other similar passwords when storing a salted, hashed passwordOctober 2

    If a website stores passwords as a salted hash, is it reasonable to accept similar passwords as correct? For example, given the password stackexchange, does it dramatically decrease security if the website were to accept stackexchange, Stackexchange,

  • Do bad passwords produce bad salted hashes?October 27

    When you have a password stored in a database that has been strongly hashed and salted does it really matter if the underlying user password is weak? If you setup features like limiting login guessing and use captchas to stop automated guessing can y

Copyright (C) 2017 ceus-now.com, All Rights Reserved. webmaster#ceus-now.com 14 q. 0.880 s.