Re: User password encryption using a stronger hashing function?

Поиск
Список
Период
Сортировка
От Craig Ringer
Тема Re: User password encryption using a stronger hashing function?
Дата
Msg-id 4EF3F318.8080706@ringerc.id.au
обсуждение исходный текст
Ответ на Re: User password encryption using a stronger hashing function?  (lst_hoe02@kwsoft.de)
Ответы Re: User password encryption using a stronger hashing function?  (lst_hoe02@kwsoft.de)
Список pgsql-admin
On 22/12/2011 5:41 PM, lst_hoe02@kwsoft.de wrote:
> Zitat von "Liu, Jianli (Jianli)" <jlliu@avaya.com>:
>
>> No one has responded to my questions. I am wondering if anyone can
>> point me to where in postgresql source code I can further look into
>> the issue and explore the possibility of this change?  Thanks.
>
> I was already looking for the same topic but could not find anything
> useful. Maybe no one is using the build-in password encryption, but
> does it at application level with transparent data access?
>
> Maybe one of the developers can explain why the choices for build-in
> password encryption are that limited.
>
I'm not a Pg dev, but I won't be surprised if the v3 protocol doesn't
support other hash functions. I haven't looked into it. If you'd like to
know more I suggest you search for things like "md5", "sha1", "sha256",
"stronger hash" etc on the pogsql-hackers mailing list archives.

The main downside of md5 as a password hash function is that the result
is small and quick to compute the standard of today's hashes, so rainbow
tables are easier to build and can have better coverage. Brute-force
cracking is also faster but there's not as much difference there.

If you have a need for stronger hashing functions you might want to
contact one of the consultants who does contract work on PostgreSQL
development and find out what'd be involved in funding the development
of the feature. Think about why you need it first, though; what
threat(s) are you trying to protect from?

--
Craig Ringer

В списке pgsql-admin по дате отправления:

Предыдущее
От: "Benjamin Krajmalnik"
Дата:
Сообщение: Re: Problem with pgstat timneouts
Следующее
От: K P Manoj
Дата:
Сообщение: Re: Index error on recovery