Skip site navigation (1) Skip section navigation (2)

Re: Re: Proposal for encrypting pg_shadow passwords

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: Re: Proposal for encrypting pg_shadow passwords
Date: 2001-08-16 17:42:52
Message-ID: 10491.997983772@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-patches
Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
>> Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> Also, I now need two salts, one base62 for crypt and a new one for MD5.
>> 
>> They're carried in two different messages, so I don't see the problem.

> But the salt is configured on startup, before you know your auth method,
> right?  Do I need to move that?

Oh, I see what you're looking at: the salt is computed at ConnCreate
time in the postmaster.  Hmm.  You cannot move the call into the later
auth process, because it needs to happen before the postmaster forks.
(Else, every forked child would start with the same random() state and
compute the same salt ... good security eh?)

Yes, I think initializing two salt fields in ConnCreate is fine.  That's
probably actually a little more secure in itself, because it ensures
that would-be sniffers cannot see every random() result in the
postmaster's random() sequence, only some of them.  IIRC, that makes it
a lot harder to guess the underlying seed.

			regards, tom lane

In response to

Responses

pgsql-patches by date

Next:From: Rene PijlmanDate: 2001-08-16 17:53:39
Subject: Re: Re: [JDBC] JDBC pg_description update needed for CVS tip
Previous:From: Bruce MomjianDate: 2001-08-16 17:39:22
Subject: Re: Re: Proposal for encrypting pg_shadow passwords

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group