Peter

Reputation: 117

Where is the SALT attached to the password, AFTER or BEFORE the password?

When you are using GNU/Linux, the passwords are (mainly) encrypted in MD5 and SHA.
The operating system attaches a SALT to this password before encrypting it to avoid dictionary attacks.

My question is, where does the OS attach the SALT, before or after the password?

For example, if my password is peter2011, before encrypting it, does it do:

saltpeter2011 or peter2011salt ?

Thanks in advance.


I don't know if you misunderstood my question, but I'm not asking how Linux stores its passwords, I'm asking how it encrypts them, I mean:

encrypt_in_md5(saltpeter2011) or encrypt_in_md5(peter2011salt)

I know that in the /etc/shadow file they are stored as $salt&encrypted_password

Thanks in advance!

Upvotes: 8

Views: 3666

Answers (3)

john

Reputation: 171

It's not as simple as you might think.

First of all the way salts are used depends on the hashing function used. You mention MD5, so we'll take this case.

You have to look at the glibc/crypt/md5-crypt.c file in the glibc sources for the answer.

There you will find that first it does something like md5(KEY$1$SALT), then md5(KEYSALTKEY), and then mixes them together in a weird way. Then it does some more weird iterations based on the key, the salt and the previous results, and finally, after some more mixing of bytes, you are done.

Upvotes: 4
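The md5-crypt scheme that answer describes, reimplemented in Python so the order of key and salt in each step is visible (an added example, not code from the answer or from glibc; the salt value "saltsalt" and the helper names are constructed for illustration):

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _to64(value: int, n: int) -> str:
    """crypt(3)'s own base-64 variant: n characters, low 6 bits first."""
    out = ""
    for _ in range(n):
        out += ITOA64[value & 0x3F]
        value >>= 6
    return out

def md5_crypt(password: str, salt: str) -> str:
    """Return the $1$ hash field as glibc's md5-crypt computes it."""
    pw, magic = password.encode(), b"$1$"
    salt = salt[:8].encode()          # md5-crypt uses at most 8 salt bytes
    ctx = hashlib.md5(pw + magic + salt)   # key first: md5(KEY $1$ SALT)
    alt = hashlib.md5(pw + salt + pw).digest()   # then md5(KEY SALT KEY)
    for i in range(len(pw), 0, -16):  # one byte of alt per password byte
        ctx.update(alt[:min(16, i)])
    i = len(pw)
    while i:                          # key-length dependent stuffing
        ctx.update(b"\0" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for i in range(1000):             # fixed 1000 stretching rounds
        c = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            c.update(salt)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()
    # The digest bytes are interleaved, not emitted in order, before encoding.
    groups = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    out = "".join(_to64((final[a] << 16) | (final[b] << 8) | final[c], 4)
                  for a, b, c in groups)
    out += _to64(final[11], 2)
    return f"$1${salt.decode()}${out}"

def verify(password: str, stored: str) -> bool:
    """Recompute with the salt parsed from the stored field and compare."""
    _, scheme, salt, _ = stored.split("$", 3)
    if scheme != "1":
        raise ValueError("not an md5-crypt hash")
    return hmac.compare_digest(md5_crypt(password, salt), stored)
```

The salt is neither simply prepended nor appended: it enters the first digest after the key and the `$1$` magic, enters the second between two copies of the key, and is mixed into two out of every three of the 1000 rounds.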

ahmet alp balkan

Reputation: 45196

If you're implementing the system, it is completely up to you. It does not matter at all.

Most probably unix does $1$SALTpeter2011.

Upvotes: -3

Ignacio Vazquez-Abrams

Reputation: 798446

It's a little more complex than that, involving multiple rounds of appending and hashing. Best to just use crypt(3) and let the system handle it.

Upvotes: 5
