baldwin@mit-eddie.MIT.EDU (Robert W. Baldwin) (08/02/86)
The message that Tim and I sent about the Unix password salting algorithm has a big mistake in it. The salt generation function can in fact generate all 4096 possible salts if the getpid() function behaves as expected. Our mistake was viewing the generator function as salt = 9 * getpid(); where in fact it is salt = ( 9 * getpid() ) % 4096; ('%' is the mod operation in C). But this is a bboard not a journal, so occasional mistakes must be expected. Sorry.