On Thu, Apr 1, 2010 at 11:08 PM, Fred Zinsli <fred.zinsli@...> wrote:
> I have installed change_sqlpass-3.3-1.2 on SM 1.4.19 (Debian Lenny)
You may want the updated beta code from me.
> In the configuration file it asks something about salt.
> What is salt?
You add it to your food to bring out the flavor.
It's also a set of usually random bytes used in the encryption process
along with the password to make password guessing impractical. You
have to know both the salt and the password to match the encrypted
value and log in (the user provides the password and you provide the
salt). You may or may not be using such a scheme for your passwords -
you have to make that determination. Much of the time, the salt is
prefixed onto the encrypted password, separated with, for example,
$1$<salt>$ or $2$<salt>$, but sometimes it can be a known/fixed value
set by the administrator so that if the encrypted passwords are
stolen, the salt values are not lost, improving security further. The
implementation of the salt business in the change_sqlpass plugin is a
bit too confusing, which should be fixed, but anyway...
Please support Open Source Software by donating to SquirrelMail!