baldwin@mit-eddie.MIT.EDU (Robert W. Baldwin) (08/02/86)
The message that Tim and I sent about the Unix password
salting algorithm has a big mistake in it. The salt generation
function can in fact generate all 4096 possible salts if the
getpid() function behaves as expected.
Our mistake was viewing the generator function as

    salt = 9 * getpid();

where in fact it is

    salt = ( 9 * getpid() ) % 4096;

('%' is the mod operation in C).
But this is a bboard not a journal, so occasional mistakes
must be expected. Sorry.
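
The following is an added example, not part of the original post. It checks the corrected formula by counting the distinct salts it produces over a range of process IDs, and goes one step further by letting the multiplier vary: the count is 4096 / gcd(multiplier, 4096), which is why 9 reaches every salt. The pid range 1..30000 and the multiplier 8 used for contrast are assumptions chosen for illustration; the pid is passed in as a parameter instead of calling getpid().

```c
#include <stdio.h>
#include <string.h>

#define SALT_SPACE 4096u   /* number of possible salts, as stated in the post */

/* The post's generator with the multiplier made a parameter (9 in the post). */
static unsigned salt_from_pid(unsigned mult, unsigned pid)
{
    return (mult * pid) % SALT_SPACE;
}

static unsigned gcd(unsigned a, unsigned b)
{
    while (b) { unsigned t = a % b; a = b; b = t; }
    return a;
}

/* Count the distinct salts produced as pid runs over lo..hi inclusive. */
static unsigned count_salts(unsigned mult, unsigned lo, unsigned hi)
{
    unsigned char seen[SALT_SPACE];
    unsigned n = 0;

    memset(seen, 0, sizeof seen);
    for (unsigned pid = lo; pid <= hi; pid++) {
        unsigned s = salt_from_pid(mult, pid);
        if (!seen[s]) { seen[s] = 1; n++; }
    }
    return n;
}

int main(void)
{
    /* Assumed pid range for illustration: 1..30000. */
    printf("mult 9, gcd with 4096 = %u, salts over pids 1..30000: %u\n",
           gcd(9, SALT_SPACE), count_salts(9, 1, 30000));

    /* Hypothetical even multiplier: shares a factor with 4096, so salts are lost. */
    printf("mult 8, gcd with 4096 = %u, salts over pids 1..30000: %u\n",
           gcd(8, SALT_SPACE), count_salts(8, 1, 30000));

    /* A short run of consecutive pids never repeats a salt when gcd is 1. */
    printf("mult 9, salts over pids 1000..1099: %u\n",
           count_salts(9, 1000, 1099));
    return 0;
}
```

Because 9 is odd it shares no factor with 4096, so multiplication by 9 only permutes the residues mod 4096; coverage of the salt space then depends entirely on getpid() itself taking every residue, which is the condition the post attaches.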