| From: | David Garamond <lists(at)zara(dot)6(dot)isreserved(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Salt in encrypted password in pg_shadow |
| Date: | 2004-09-07 16:22:14 |
| Message-ID: | 413DE036.4080704@zara.6.isreserved.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Tom Lane wrote:
>>I read that the password hash in pg_shadow is salted with username. Is
>>this still the case? If so, since probably 99% of all PostgreSQL has
>>"postgres" as the superuser name, wouldn't it be better to use standard
>>Unix/Apache MD5 hash instead?
>
> How does that improve anything? If we add a random salt into it, we'd
> have to store the salt in pg_shadow, so there wouldn't be any secrecy
> added --- an attacker who can read pg_shadow could see the salt too.
Consider someone who creates a long list of:
MD5( "postgres" + "aaaaaaaa" )
MD5( "postgres" + "aaaaaaab" )
MD5( "postgres" + "aaaaaaac" )
...
Now if he has access to other people's pg_shadow, he can compare the
hashes with his dictionary. Replacing "postgres" with a random salt
defeats this dictionary attack (and thus he will have to resort to brute
force).
> (Actually, an attacker who can read pg_shadow is already superuser,
> so it's not clear there's anything left to hide from him anyway.)
But consider someone who finds a harddisk or tape containing a database
backup... he can then gain access to the real, online database.
--
dave
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tore Halset | 2004-09-07 16:23:39 | Re: ERROR: canceling query due to user request |
| Previous Message | Ron St-Pierre | 2004-09-07 16:20:07 | Re: [PERFORM] Table UPDATE is too slow |