Can somebody explain simply why crypt of a password with a salt (the hash result) is equal to crypt of the password with the hash result itself?

Çağlar Arlı      -    11 Views

Can somebody explain simply why crypt of a password with a salt (the hash result) is equal to crypt of the password with the hash result itself?

Surely there is a simple mathematical explanation. I asked Bing AI Chat and she said:

When you use the crypt() function to hash a password, the resulting hash includes the salt value. When you pass the hash value as the salt argument to the crypt() function, the function extracts the salt value from the hash and uses it to hash the password again. Since the salt value is the same in both cases, the resulting hash values are also the same. This is why crypt(password, hash) = hash.

This process is useful when you need to verify a user’s password in a database. Instead of comparing the entered password to the stored password in plain text, you can use the crypt() function to hash the entered password and compare it to the stored hashed password. This ensures that the passwords are not stored in plain text, which is important for maintaining security.

I think it is not correct because it is not easy to extract the salt value from the hash.

I am not familiar with cryptography. I just wanted to ask this question. I would also appreciate reliable references.
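
The behaviour described in the quoted explanation, as an added example that is not part of the original question and is not the real crypt(3) code: a crypt-style output string carries its salt as a plain-text field in front of the digest, so passing a stored hash back in as the salt argument only requires reading that field. The scheme id `demo-pbkdf2` and the functions `toy_crypt`, `make_setting`, `extract_salt` and `verify` are hypothetical names, and PBKDF2 from `hashlib` stands in for the real crypt hashing methods.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "demo-pbkdf2"  # constructed scheme id, not a real crypt(3) identifier
ROUNDS = 100_000


def _b64(raw: bytes) -> str:
    # Base64 variant using '.' and '/', so '$' never appears inside a field.
    return base64.b64encode(raw, altchars=b"./").decode().rstrip("=")


def make_setting() -> str:
    """Build a fresh setting string '$scheme$salt$' with a random salt."""
    return f"${SCHEME}${_b64(os.urandom(12))}$"


def extract_salt(setting: str) -> str:
    """Read the salt field; works on a bare setting or on a full stored hash."""
    parts = setting.split("$")
    if len(parts) < 3 or parts[0] != "" or parts[1] != SCHEME or not parts[2]:
        raise ValueError("unrecognised setting string")
    return parts[2]


def toy_crypt(password: str, setting: str) -> str:
    """Hash password with the salt found in setting; return '$scheme$salt$digest'."""
    salt = extract_salt(setting)  # anything after the salt field is ignored
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), ROUNDS)
    return f"${SCHEME}${salt}${_b64(digest)}"


def verify(password: str, stored: str) -> bool:
    """Re-hash with the stored string as the setting, then compare in constant time."""
    return hmac.compare_digest(toy_crypt(password, stored), stored)


if __name__ == "__main__":
    stored = toy_crypt("correct horse", make_setting())  # constructed sample password
    print("stored hash :", stored)
    print("salt field  :", extract_salt(stored))
    print("crypt(pw, stored) == stored:", toy_crypt("correct horse", stored) == stored)
    print("wrong password verifies    :", verify("wrong horse", stored))
```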