You are not logged in.
Just curious after reading this wikipedia article if Arch is salting the hashes for users by default. By the looks of my own /etc/shadow file, it is using MD5 for the password encryption, but I can't tell if it's salted or not.
For older Unix passwords which used a 12-bit salt this would require 4096 tables, a significant increase in cost for the attacker, but not impractical with terabyte hard drives. The MD5-crypt and bcrypt methods—used in Linux, BSD Unixes, and Solaris—have salts of 48 and 128 bits, respectively.
EDIT: after closer inspection of /etc/shadow I believe that Arch is indeed salting. Ex:
root:$1$fcq4ttKL$4VtJ2qcyiw3t2G5Fn1ITx.:14832::::::
$1 $ = md5 signature
fcq4ttKL = salt
$ = separator
fcq4ttKL$4VtJ2qcyiw3t2G5Fn1ITx = hash
Last edited by graysky (2010-08-28 20:22:37)
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Offline
You could also check for a non-salted password by generating the standard md5 hash
echo -n "yourpassword" | md5sum
Last edited by ehlo (2010-08-29 14:44:21)
Offline