Skip site navigation (1) Skip section navigation (2)

Re: OT: password encryption (salt theory)

From: Tim Ellis <Tim(dot)Ellis(at)gamet(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: dfs(at)roaringpenguin(dot)com, fstefan(at)cable(dot)vol(dot)at,pgsql-admin(at)postgresql(dot)org
Subject: Re: OT: password encryption (salt theory)
Date: 2002-08-22 15:29:45
Message-ID: 20020822112945.3d37c2ff.Tim.Ellis@gamet.com (view raw or flat)
Thread:
Lists: pgsql-admin
> > Can anyone explain to me why a salt is really a good idea
> 
> I believe the original purpose was to make it less obvious whether two
> Unix users had the same password.

Ah, plus, as was also pointed out, the attacker cannot precompute a
dictionary attack -- she must do a dictionary attack PER PASSWORD, not per
password file.

This all makes sense. Conclusion: Salt is good. Random salt is best. Any
salt is better than no salt. Thanks for clarifying it, everyone.

-- 
Tim Ellis
Senior Database Architect
Gamet, Inc.

In response to

pgsql-admin by date

Next:From: Brickley Jeff-RA9607Date: 2002-08-22 16:02:23
Subject: gcc compile flags
Previous:From: JaiDate: 2002-08-22 14:38:41
Subject: Re: Users ip

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group