Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords

On Wed, Apr 20, 2005 at 09:58:31PM -0400, Stephen Frost wrote:
> * Greg Stark (gsstark(at)mit(dot)edu) wrote:
> > Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > > I have some hopes that pointing out the rather large problem with the
> > > md5 authentication mechanism in pg_hba.conf will lead them to discourage
> > > it's use and thus reduce the occourances of the salt being made
> > > available to the user giving more weight to the usefullness of having it
> > > be a random salt. Additionally, it's been a few years, perhaps
> > > viewpoints have changed.
> >
> > Salts are always given to the user, that's how they work. They're not secret.
>
> You're confusing the issues I'm afraid. If you're using md5 to secure
> your transport then yes, you must provide the salt to the user since the
> same salt must be used on both sides. That's not the salt under
> discussion, however; the salt I'm referring to is the one which is used
> to make it difficult to brute-force the password from a copy of the
> resultant hash. That salt is not given to anyone because no one else
> needs it- only the server needs to know that salt so that it can add it
> to the password to compare against the hash in the database.

Something that just occured to me... if you're using a random salt, you
can change it periodically without any disruption. So in the case of a
site that's worried about brute-forcing a password or hash you can
periodically update all the salts with new random values.

The protocol could also send a nonce as part of the key exchange. I
believe both techniques would add security.
--
Jim C. Nasby, Database Consultant decibel(at)decibel(dot)org
Give your computer some brain candy! www.distributed.net Team #1828

Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"