SALT and encryption
by circus78 from LinuxQuestions.org on (#5SH7F)
I founded and article showing how to convert cleartext credentials in some MySQL table in SSHA512.
Basically the query says:
Code:update logins set crypt = ENCRYPT(cleartext, CONCAT('$6$',sha(RAND()))) where crypt is null or crypt='';I know very little about cryptography, but I can't figure how the RAND() function is involved in the process of password conversion.
I could run such UPDATE sql command multiple times and obtain everytime a different random value...
Is this somewhat related to the concept of "SALT"?
I don't understand how two different encrypted strings are working for the same password.
thank you
Basically the query says:
Code:update logins set crypt = ENCRYPT(cleartext, CONCAT('$6$',sha(RAND()))) where crypt is null or crypt='';I know very little about cryptography, but I can't figure how the RAND() function is involved in the process of password conversion.
I could run such UPDATE sql command multiple times and obtain everytime a different random value...
Is this somewhat related to the concept of "SALT"?
I don't understand how two different encrypted strings are working for the same password.
thank you