MikeO'Dell@BRL-VGR.ARPA,mo@lbl-csam (07/01/83)
In V7 and later, the "salt" was added to the encryption scheme to largely suppress the ability to discover like passwords by comparing the password file entries. Now, even if I change my password to the same one, there is one chance in 4096 of the password file line being identical to the old. The "salt" is chosen from the low-order bits of the system's notion of Time, exactly for this reason. The other thing the salt does is modify the encryption algorithm such that the resulting algorithm LOOKS like DES, but the internal permutation passes are subtly altered so that in fact, none, or at most one, of the 4096 values of the salt result in the REAL DES algorithm. This is to prevent attacks by someone with a dictionary and a very fast DES chip. All of this is out of the famous password security study by Thompson and Morris.

-Mike
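The salt-dependent alteration described in the post above, as an added example that is not part of the original message: it assumes the salt handling of the classic crypt(3) implementation, where each set bit of the 12-bit salt swaps two entries of the DES expansion table E, and counts how many of the 4096 salts leave E unchanged. The names DES_E, SALT_CHARS, salt_char_value, salted_e and count_real_des_salts are chosen here for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Standard DES expansion table E (1-based input bit numbers). */
static const unsigned char DES_E[48] = {
    32, 1, 2, 3, 4, 5,   4, 5, 6, 7, 8, 9,
     8, 9,10,11,12,13,  12,13,14,15,16,17,
    16,17,18,19,20,21,  20,21,22,23,24,25,
    24,25,26,27,28,29,  28,29,30,31,32, 1
};
/* The 64 legal salt characters, in order of their 6-bit values. */
static const char SALT_CHARS[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Map a salt character to its 6-bit value, as classic crypt(3) does. */
static int salt_char_value(int c)
{
    if (c > 'Z') c -= 6;
    if (c > '9') c -= 7;
    return (c - '.') & 077;
}

/* Build the salted E table: salt bit k (0..11) set => swap E[k], E[k+24]. */
static void salted_e(const char *salt, unsigned char out[48])
{
    memcpy(out, DES_E, 48);
    for (int i = 0; i < 2; i++) {
        int v = salt_char_value((unsigned char)salt[i]);
        for (int j = 0; j < 6; j++)
            if ((v >> j) & 1) {
                unsigned char t = out[6 * i + j];
                out[6 * i + j] = out[6 * i + j + 24];
                out[6 * i + j + 24] = t;
            }
    }
}

/* Count the salts (of 64*64 = 4096) whose E table equals real DES. */
static int count_real_des_salts(void)
{
    int same = 0;
    unsigned char e[48];
    for (int a = 0; a < 64; a++)
        for (int b = 0; b < 64; b++) {
            char salt[2] = { SALT_CHARS[a], SALT_CHARS[b] };
            salted_e(salt, e);
            same += memcmp(e, DES_E, 48) == 0;
        }
    return same;
}

int main(void) { printf("%d of 4096 salts give unmodified DES\n", count_real_des_salts()); return 0; }
```

Only the all-zero salt ("..") leaves E untouched, because E[k] and E[k+24] differ for every k from 0 to 11; any other salt yields a function that off-the-shelf DES hardware does not compute.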