| From: | Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | scrappy(at)hub(dot)org (The Hermit Hacker) |
| Cc: | brett(at)work(dot)chicken(dot)org, jwieck(at)debis(dot)com, Andreas(dot)Zeugswetter(at)telecom(dot)at, pgsql-hackers(at)hub(dot)org |
| Subject: | Re: [HACKERS] Solution to the pg_user passwd problem !?? (c) |
| Date: | 1998-02-19 18:56:18 |
| Message-ID: | 199802191856.NAA11107@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
>
> On Thu, 19 Feb 1998, Bruce Momjian wrote:
>
> > >
> > >
> > > Have we considering using the unix crypt function for passwords? That
> > > way it wouldn't matter (as much) if people saw the password, and would
> > > still be (somewhat less) secure.
> > >
> > > On Thu, 19 February 1998, at 15:55:07, Jan Wieck wrote:
> >
> > I don't know what the problem with using crypt was. It may be because
> > he passes a random salt to the user, and the user makes the password
> > packet with the given salt and returns it to the backend. If we use
> > crypt, we have to send a plaintext password over the network, don't we?
>
> But, aren't we doing that now?
Yes, we are using crypt. We are picking a random salt, using crypt to
encrypt the cleartext password, then sending the salt to the frontend,
and asking them to supply a password crypted with our requested salt.
Anyway to do this while storing encrypted passwords?
--
Bruce Momjian
maillist(at)candle(dot)pha(dot)pa(dot)us
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jan Wieck | 1998-02-19 19:02:23 | Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c) |
| Previous Message | The Hermit Hacker | 1998-02-19 18:36:03 | Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c) |