Re: [HACKERS] Solution to the pg_user passwd problem !?? (c)

From: Phil Thompson <phil(at)river-bank(dot)demon(dot)co(dot)uk>
To: Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us>
Cc: The Hermit Hacker <scrappy(at)hub(dot)org>, brett(at)work(dot)chicken(dot)org, jwieck(at)debis(dot)com, Andreas(dot)Zeugswetter(at)telecom(dot)at, pgsql-hackers(at)hub(dot)org
Subject: Re: [HACKERS] Solution to the pg_user passwd problem !?? (c)
Date: 1998-02-19 22:47:59
Message-ID: 34ECB69F.30E70D02@river-bank.demon.co.uk
Lists: pgsql-hackers

Bruce Momjian wrote:
>
> >
> > On Thu, 19 Feb 1998, Bruce Momjian wrote:
> >
> > > >
> > > >
> > > > Have we considered using the unix crypt function for passwords? That
> > > > way it wouldn't matter (as much) if people saw the password, and would
> > > > still be (somewhat less) secure.
> > > >
> > > > On Thu, 19 February 1998, at 15:55:07, Jan Wieck wrote:
> > >
> > > I don't know what the problem with using crypt was. It may be because
> > > he passes a random salt to the user, and the user makes the password
> > > packet with the given salt and returns it to the backend. If we use
> > > crypt, we have to send a plaintext password over the network, don't we?
> >
> > But, aren't we doing that now?
>
> Yes, we are using crypt. We are picking a random salt, using crypt to
> encrypt the cleartext password, then sending the salt to the frontend,
> and asking them to supply a password crypted with our requested salt.

A benefit of this approach (which I think is valuable) is that, as far
as sniffing the network is concerned, one-time passwords are used.

> Any way to do this while storing encrypted passwords?

How UNIX specific is crypt()? At the moment the same password can be
used with clients that support crypt(), and send the password encrypted,
and those that don't, and send the password in clear.

If you want to store encrypted passwords then the encryption method used
must be supported by all types of client - or be included as part of the
PostgreSQL distribution.

Phil
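The salt challenge Bruce describes above, and the storage question behind it, as an added example that is not part of the original thread or of PostgreSQL: the backend keeps a cleartext password per user, sends a fresh random salt, and checks crypt(password, salt); a second verifier shows why a backend that only holds a stored crypt hash cannot answer a fresh salt. A keyed SHA-256 stands in for Unix crypt(3), and the `Backend`, `frontend_response` and `run_login` names are assumptions.

```python
import hashlib
import hmac
import secrets


def crypt_like(password: str, salt: str) -> str:
    """Stand-in for Unix crypt(3): one-way function of (password, salt).
    Constructed for this example; the 1998 code used the platform crypt()."""
    return hmac.new(salt.encode(), password.encode(), hashlib.sha256).hexdigest()


class Backend:
    """Server side as in the thread: cleartext password per user in pg_user,
    a fresh salt per connection, and a check of the client's crypted reply."""

    def __init__(self, users: dict):
        self.users = users  # user -> cleartext password (constructed sample)

    def challenge(self) -> str:
        return secrets.token_hex(8)  # new random salt for every attempt

    def verify(self, user: str, salt: str, response: str) -> bool:
        stored = self.users.get(user)
        if stored is None:
            return False
        return hmac.compare_digest(crypt_like(stored, salt), response)


def frontend_response(password: str, salt: str) -> str:
    """Client side: crypt the cleartext password with the backend's salt."""
    return crypt_like(password, salt)


def run_login(backend: Backend, user: str, password: str):
    """One exchange; returns what a sniffer sees (salt, reply) and the outcome."""
    salt = backend.challenge()
    reply = frontend_response(password, salt)
    return salt, reply, backend.verify(user, salt, reply)


def replayed_reply_accepted(backend: Backend, user: str, sniffed_reply: str) -> bool:
    """A sniffed reply re-sent against the next salt does not verify, which is
    the one-time property Phil points out."""
    return backend.verify(user, backend.challenge(), sniffed_reply)


def verify_from_stored_hash(stored_hash: str, stored_salt: str,
                            salt: str, response: str) -> bool:
    """If pg_user held crypt(password, stored_salt) instead of cleartext, the
    backend could not recompute crypt(password, salt) for any other salt, so
    the challenge would have to reuse stored_salt and stop being one-time."""
    if salt != stored_salt:
        return False
    return hmac.compare_digest(stored_hash, response)
```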
