| From: | "Joe Conway" <joseph(dot)conway(at)home(dot)com> |
|---|---|
| To: | "Bruce Momjian" <pgman(at)candle(dot)pha(dot)pa(dot)us>, "PostgreSQL-development" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Proposal for encrypting pg_shadow passwords |
| Date: | 2001-06-26 04:30:43 |
| Message-ID: | 00b501c0fdf8$c399d7d0$0705a8c0@jecw2k1 |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> DOUBLE ENCRYPTION
> -----------------
> The solution for encrypting pg_shadow passwords is to encrypt using a
> salt when stored in pg_shadow, and to generate a random salt for each
> authentication request. Send _both_ salts to the client, let the client
> double encrypt using the pg_shadow salt first, then the random salt, and
> send it back. The server encrypt using only the random salt and
> compares.
>
I posted something on this a few weeks ago. See
http://fts.postgresql.org/db/mw/msg.html?mid=1021155 for details, but the
summary is that it would be better (IMHO) to use HMAC for authentication.
HMAC has
been mathematically proven to be as secure as the underlying hash algorithm
used.
Here's the reference for HMAC --
http://www-cse.ucsd.edu/users/mihir/papers/kmd5.pdf.
It would actually work almost identically to what you've described. Store
the password as a hash using MD5 and some salt. Send the password salt and a
random salt to the client. The client uses the password salt with MD5 (and
local knowledge of the plaintext password) to reproduce the stored password,
then calculates an HMAC of the random salt and sends it back. The server
also calculates the HMAC of the random salt using the stored hashed
password, and compares.
Just my 2 cents . . .
-- Joe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jim Mercer | 2001-06-26 04:33:20 | Re: Encrypting pg_shadow passwords |
| Previous Message | Bruce Momjian | 2001-06-26 04:20:40 | Re: Encrypting pg_shadow passwords |