Skip site navigation (1) Skip section navigation (2)

Re: md5 passwords and pg_shadow

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Neil Conway <nconway(at)klamath(dot)dyndns(dot)org>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: md5 passwords and pg_shadow
Date: 2002-04-25 17:37:20
Message-ID: 200204251737.g3PHbKm02160@candle.pha.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackers
OK, I remember now.  'Password' is fine for MD5-encrypted pg_shadow
because you are using the password supplied over the wire to compare to
the md5.  (Of couse, no one should be using 'password'.)

It is 'crypt' that is the problem.  You get a random salted crypted
password from the user, and you can't compare that to the MD5.

In the 7.2 setup, the client knows the password and can double-md5 
encrypts and sends it to you.  The double-md5 uses the pg_shadow salt,
and then a random salt.

---------------------------------------------------------------------------

Neil Conway wrote:
> On Thu, 25 Apr 2002 01:50:32 -0400 (EDT)
> "Bruce Momjian" <pgman(at)candle(dot)pha(dot)pa(dot)us> wrote:
> > Neil Conway wrote:
> > > Hi all,
> > > 
> > > Why does the password_encryption GUC variable default to false?
> > > 
> > > AFAICT there shouldn't be any issues with client compatibility -- in
> > > fact, I'd be inclined to rip out all support for storing cleartext
> > > passwords...
> > 
> > It is false so passwords can be handled by pre-7.2 clients.  Once you
> > encrypt them, you can't use passwords on pre-7.2 clients because they
> > don't understand the double-md5 hash required.
> 
> IMHO, there are two separate processes going on here:
> 
>    (1) password storage in pg_shadow
> 
>    (2) password submission over the wire
> 
> You want to use a hash like MD5 for #1 so that someone who breaks
> into the server can't read all the passwords in pg_shadow. You
> want to use a hash for #2 so that someone sniffing the network
> won't be able to read passwords. Aren't these two goals
> orthagonal? In other words, what does the format in which the
> password is stored have to do with the format in which data
> is sent over the wire?
> 
> How about this scheme:
> 
> - store all passwords md5 hashed: never store the cleartext
> password.
> - if the client is using 'password' authentication, they will
> send in the cleartext password: MD5 hash it and compare it
> with the store MD5 hash. If they match, authentication
> succeeds.
> - if the client is using 'md5' authentication, use the
> existing double-md5 hash technique
> 
> Cheers,
> 
> Neil
> 
> -- 
> Neil Conway <neilconway(at)rogers(dot)com>
> PGP Key ID: DB3C29FC
> 

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman(at)candle(dot)pha(dot)pa(dot)us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

In response to

pgsql-hackers by date

Next:From: Bruce MomjianDate: 2002-04-25 17:39:41
Subject: Re: md5 passwords and pg_shadow
Previous:From: Tom LaneDate: 2002-04-25 17:32:27
Subject: Re: md5 passwords and pg_shadow

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group