linuxsecuritymd5cryptgodbolt

Can a salt value passed to crypt() contain a $ symbol?


Started learning about linux security and reading some articles about MD5 password hashing.

This godbolt demo uses the crypt function

char *crypt(const char *key, const char *salt);

and passes this salt value

const char *salt = "$1$rockyou"; 

where


Question

Suppose the salt contains a $ symbol, such as rock$you, how should it be formatted before passing it to crypt?


Solution

  • You can't use $ in the salt. From the documentation you linked to:

    If salt is a character string starting with the characters "$id$" followed by a string optionally terminated by "$", then the result has the form:

             $id$salt$encrypted
    

    ... The characters in "salt" and "encrypted" are drawn from the set [a-zA-Z0-9./].

    $ is not in that set because it's used as the delimiter between salt and encrypted.