Welcome to the most active Linux Forum on the web.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 01-24-2006, 01:25 AM   #1
Registered: Nov 2002
Distribution: RH
Posts: 141

Rep: Reputation: 15

Hey all,

Most MD5 hashing programs I have seen generate the same hash if you consistently use the same password. For example, if use a pass of "sup3rm@n" it would generate something like


every time

I noticed that when I ran grub-md5crypt on my FC2 system, it never generated the same hash when using the same password.

Can anyone explain this, sorry if this such a n00b question.
Old 01-24-2006, 03:30 AM   #2
Senior Member
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
I think FC adds a salt before hashing the password, to prevent attacks based on prepared hash tables (dictionnary attack)
Could be
The SALT is choosen randomly everytime you change the password.

If a user comes with a list like this:
(big file containing hashes of easy passwords)

then he cannnot compare grub_hash with x,y,z because
and he has not prepared MD5(21E4passw0rd) because its not a dictionnary word.
Adds a little layer.

Maybe from one install of redhat to another, the md5 would not be the same...
Old 01-24-2006, 01:41 PM   #3
Registered: Nov 2002
Distribution: RH
Posts: 141

Original Poster
Rep: Reputation: 15
Thanks! I figured it was something like that.
Old 01-24-2006, 02:20 PM   #4
Senior Member
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
But the problem remains for RH , strange. Is it an old RH?
Anyway, I don't see why somebody from outside would crack your grub password
And its pretty easy to remove this password if you have physical access


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
No Crypt AMMullan Linux - Software 4 08-08-2007 04:48 AM
LXer: Secure Java Apps on Linux using MD5 Crypt LXer Syndicated Linux News 0 01-13-2006 06:01 AM
dm-crypt rino.caldelli Linux - Software 1 07-28-2005 10:06 PM
Does AIX5.2 use crypt or md5 synthol6 AIX 1 07-26-2004 09:08 AM
Crypt help liguorir Linux - Security 2 05-11-2004 10:44 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:46 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration