> The current thread started from a simple the need to hide passwords
> from PG superusers and system ROOT's. For that we have two schemes:
>
> store MD5(username+passwd)
> - hidden from sniffing but easily guessable salt (as most users are
> called 'bob')
I have not checked, but imho it will be easy to find out the username
with some extra sniffing. Thus to assume that the username is a secret
is probably a bad assumption.
Walking through all user entries to find a matching md5 is imho
unacceptable anyway, since md5 is a hash an thus has the
potential for equal output with different input.
The only argument for some calculateable salt would imho be
if it saves us one packet roundtrip. And this is only possible if we
don't do the challenge (which still is a variant imho, since we agreed
that good sniffer protection needs to be done differently).
Thus:
C-->S: connect dbname username MD5(calculated_salt+password)
S-->C: connection accepted
Andreas