On Sat, 06 May 2000, Benjamin Adida wrote:
> on 5/6/00 2:14 PM, Tom Lane at tgl@sss.pgh.pa.us wrote:
>
> > However, I still fail to see what it buys us to challenge the frontend
> > with two salts. If the password is stored crypted, the *only* thing
> > we can validate is that password with the same salt it was stored
> > with. It doesn't sound like MD5 changes this at all.
>
> The MD5 definitely doesn't change anything except overall security strength
> of the algorithm. The additional random salt prevents someone from sniffing
> the communication between client and server and then simply log in by
> sending the known hash of the password. The challenge-response means that
> sniffing one login doesn't allow you to fake the next one.
>
> -Ben
I see. This protects the hash, which is an effective password, from being
gotten by sniffers. But a cracker who has stolen the hashes out of Postgres can
still get in no matter what until you change the passwords.
I guess hashed password authentication is really not designed for use over an
untrusted connection. You get the hash becomes effective password problem.
Its very important that the hashed passwords stored in Postgres cannot be read
by anyone except the Postgres superuser.
I'm I getting this right?
Crypto 101 - I'm learning. :)
--
Robert B. Easter
reaster@comptechnews.com