Re: Re: Proposal for encrypting pg_shadow passwords

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: Re: Proposal for encrypting pg_shadow passwords
Date: 2001-08-16 17:39:22
Message-ID: 200108161739.f7GHdMW07199@candle.pha.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-patches

> Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> > Salt is currently defined as char[2]. Should I encode the rand() as
> > char[4] and send that, or skip null and still encode it as char[4].
>
> There's no need to avoid nulls here, AFAICS. Making the salt a
> fixed-length binary string seems like the best bet.

OK, working on that now. The EncryptMD5 function accepts username
string and 4-byte salt, so I have to pass the length of the salt to the
function. Can't rely on strlen().

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026

In response to

Browse pgsql-patches by date

  From Date Subject
Next Message Tom Lane 2001-08-16 17:42:52 Re: Re: Proposal for encrypting pg_shadow passwords
Previous Message Bruce Momjian 2001-08-16 17:37:53 Re: Patch: use SCM_CREDS authentication over PF_LOCAL sockets