If unix crypt hashes contain a salt, for example an MD5 crypt, can anyone explain to me basicly how John The Ripper or other password auditing programs find out what the salt is before encrypting a cleartext word using the same algorithm and matching it against the encrypted hash to see if it cracked the password.

(For a non-real example) if the salt was 'foobar' and the password was 'password' how would it know what the salt was to crack foobarpasswordfoobar? Apparently adding the salt makes cracking this type of hash take more work compared to Windows LM type hashes which can be cracked fairly quickly.

http://reviews.cnet.com/4520-3513_7-5056214-1.html
http://en.wikipedia.org/wiki/Password_cracker

"Because Unix, Linux, and Mac OS X all use a 12-bit random variable called "salt" in their password schemes. It takes longer to crack a hash value with salt added, because that 12-bit variable generates 4,096 more variations to guess. Windows passwords, however, don't have such a random variable. Why Microsoft didn't include one in the password scheme for the latest versions of Windows is a mystery."

That makes sense..Thanks a lot.

The salt is stored as the first few characters in the hash output. It sounds stupid, but it's actually still useful - sure, anybody can read the salt and start cracking, but the point is, that they can't start working before they steal your password file. Without the salt, anybody could take the hash of every common password, store it in a database, and crack any number of passwords with it.

Makes sense..preventing a person from running a rainbow table set of pre-generated hashes, (time-memory-trade off) of every avalible password for your encryption. Thanks a ton.