Re: md5 passwords and pg_shadow

From: Neil Conway <nconway(at)klamath(dot)dyndns(dot)org>
To: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgman(at)candle(dot)pha(dot)pa(dot)us, pgsql-hackers(at)postgresql(dot)org
Subject: Re: md5 passwords and pg_shadow
Date: 2002-04-25 18:33:46
Message-ID: 20020425143346.1073f19c.nconway@klamath.dyndns.org
Lists: pgsql-hackers
On Thu, 25 Apr 2002 13:32:27 -0400
"Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Neil Conway <nconway(at)klamath(dot)dyndns(dot)org> writes:
> > IMHO, there are two separate processes going on here:
> 
> The connection you are missing is that hashed password storage is
> incompatible with crypt-style password transmission.

Ah, ok -- that makes sense.

> If we force
> hashed storage then the only password transmission style available
> to pre-7.2 clients is cleartext.  It's not at all clear that securing
> the on-disk representation is a more important goal than wire security.

I'd agree they are both important.

How many pre-7.2 clients are actually out there? If 'crypt' authentication
is deprecated in 7.2, is there any chance it will be removed in
7.3? If it is, it should be safe to switch to the scheme I mentioned
in my previous email, which is both less complicated, and
"secure-by-default".

Cheers,

Neil

-- 
Neil Conway <neilconway(at)rogers(dot)com>
PGP Key ID: DB3C29FC
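
The incompatibility quoted above, as an added example that is not part of the original message or of PostgreSQL's source: a server holding only the md5 hash can check an md5 challenge response but cannot compute the value a crypt-style client sends. Function names and sample values are hypothetical, and `crypt_like` is a labelled stand-in for crypt(3), not the real algorithm.

```python
import hashlib
import hmac

def pg_md5_stored(password, user):
    # Hashed pg_shadow form: "md5" + hex(md5(password || username)), 35 characters.
    return "md5" + hashlib.md5((password + user).encode()).hexdigest()

def md5_response(stored, salt):
    # md5 wire response: "md5" + hex(md5(stored_hex || salt)); needs only the stored hash.
    return "md5" + hashlib.md5(stored[3:].encode() + salt).hexdigest()

def crypt_like(password, salt):
    # ASSUMPTION: stand-in for crypt(3). Any one-way function of the
    # cleartext password and a salt is enough to show the point.
    return hashlib.sha256(salt + password.encode()).hexdigest()

def is_hashed(shadow_value):
    return len(shadow_value) == 35 and shadow_value.startswith("md5")

def server_verify(shadow_value, user, method, salt, response):
    """Return True/False, or None when the server cannot compute the expected value."""
    if method == "md5":
        # Cleartext storage can be hashed on the fly; hashed storage is used as is.
        stored = shadow_value if is_hashed(shadow_value) else pg_md5_stored(shadow_value, user)
        expected = md5_response(stored, salt)
    elif method == "crypt":
        if is_hashed(shadow_value):
            return None  # crypt(cleartext, salt) cannot be derived from a hash
        expected = crypt_like(shadow_value, salt)
    else:
        raise ValueError(method)
    return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    user, password = "alice", "s3cret"  # constructed sample values
    md5_salt, crypt_salt = b"\x01\x02\x03\x04", b"ab"
    client_md5 = md5_response(pg_md5_stored(password, user), md5_salt)
    client_crypt = crypt_like(password, crypt_salt)
    for label, shadow in (("cleartext", password), ("hashed", pg_md5_stored(password, user))):
        print(label,
              "md5:", server_verify(shadow, user, "md5", md5_salt, client_md5),
              "crypt:", server_verify(shadow, user, "crypt", crypt_salt, client_crypt))
```
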
