Re: Proposal for encrypting pg_shadow passwords

> > DOUBLE ENCRYPTION
> > -----------------
> > The solution for encrypting pg_shadow passwords is to encrypt using a
> > salt when stored in pg_shadow, and to generate a random salt for each
> > authentication request. Send _both_ salts to the client, let the client
> > double encrypt using the pg_shadow salt first, then the random salt, and
> > send it back. The server encrypt using only the random salt and
> > compares.
> >
>
> I posted something on this a few weeks ago. See
> http://fts.postgresql.org/db/mw/msg.html?mid=1021155 for details, but the
> summary is that it would be better (IMHO) to use HMAC for authentication.
> HMAC has
> been mathematically proven to be as secure as the underlying hash algorithm
> used.
> Here's the reference for HMAC --
> http://www-cse.ucsd.edu/users/mihir/papers/kmd5.pdf.
>
> It would actually work almost identically to what you've described. Store
> the password as a hash using MD5 and some salt. Send the password salt and a
> random salt to the client. The client uses the password salt with MD5 (and
> local knowledge of the plaintext password) to reproduce the stored password,
> then calculates an HMAC of the random salt and sends it back. The server
> also calculates the HMAC of the random salt using the stored hashed
> password, and compares.

Yes, I remember that. I figured MD5 was standard and secure enough for
our purposes. Newer stuff sometimes has problems because it has not
been tested long enough and I would hate to change this if a problem is
found.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026