Also, a UNIX C library function (and a Perl function) for encrypting passwords using a one-way hash function (a modified version of DES, IIRC).
crypt(3) (and the Perl function) takes 2 arguments, the key (password) and salt.
Usually, when users enter their password for the first time, the system does this:
- It generates two random letters, the salt.
- It encrypts the password using the crypt function with this salt.
- It stores the salt and the resulting hash in the password file.
When a user types a password, the system should:
- take the entry from the password file, interpreting the first two bytes as the salt and the rest as the hash,
- encrypt the typed password with this salt,
- compare the resulting hash with the hash that was stored,
- accept the password if the hashes match, and reject it if they don't.
The salt is just there to ensure that even if two passwords are the same, their encrypted forms are not.
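Both procedures above as a short Perl sketch (an added example, not part of the original writeup). The helper names `make_entry` and `check_password` and the sample passwords are made up for illustration, and it assumes the platform's crypt still supports the traditional two-character-salt scheme.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Characters a traditional crypt(3) salt may be drawn from.
my @SALT_CHARS = ('a'..'z', 'A'..'Z', '0'..'9', '.', '/');

# First-time setup: pick a two-character salt, hash the password with it,
# and return the string that goes into the password file.
sub make_entry {
    my ($password) = @_;
    # rand() is fine here: the salt is stored in the clear, it only has to vary.
    my $salt  = join '', map { $SALT_CHARS[rand @SALT_CHARS] } 1 .. 2;
    my $entry = crypt($password, $salt);
    die "crypt() does not support this scheme here\n" unless defined $entry;
    return $entry;    # crypt's output already begins with the salt
}

# Login: read the salt back from the stored entry, hash the typed
# password with it, and compare against what was stored.
sub check_password {
    my ($typed, $stored) = @_;
    my $salt = substr($stored, 0, 2);    # first two bytes are the salt
    my $hash = crypt($typed, $salt);
    return defined $hash && $hash eq $stored;
}

# Constructed sample data: the same password enrolled twice.
my $entry_a = make_entry('swordfish');
my $entry_b = make_entry('swordfish');

# Different salts give different entries for the same password
# (they coincide only if both random salts happen to match).
print "entry A: $entry_a\n";
print "entry B: $entry_b\n";

print "correct password: ",
    (check_password('swordfish', $entry_a) ? "accepted" : "rejected"), "\n";
print "wrong password:   ",
    (check_password('sw0rdfish', $entry_a) ? "accepted" : "rejected"), "\n";
```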
For a hideous example of its use, see Black Perl. =)