| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Martijn van Oosterhout <kleptog(at)svana(dot)org>, Greg Stark <gsstark(at)mit(dot)edu>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Andreas Pflug <pgadmin(at)pse-consulting(dot)de>, Dave Page <dpage(at)vale-housing(dot)co(dot)uk> |
| Subject: | Re: [pgadmin-hackers] Client-side password encryption |
| Date: | 2005-12-23 16:16:31 |
| Message-ID: | 43AC22DF.80108@dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgadmin-hackers pgsql-hackers |
Stephen Frost wrote:
>Is it actually doing challenge-response where the challenge is different
>each time?
>
The docs say:
AuthenticationMD5Password
The frontend must now send a PasswordMessage containing the password
encrypted via MD5, using the 4-character salt specified in the
AuthenticationMD5Password message. If this is the correct password,
the server responds with an AuthenticationOk, otherwise it responds
with an ErrorResponse.
A little investigation reveals that this is port->md5salt which is 4
random bytes set up fresh per connection (see src/backend/libpq/auth.c
and src/backend/postmaster/postmaster.c). So it seems indeed to be a
true (small) one time challenge token, unless I've missed something.
cheers
andrew
| From | Date | Subject | |
|---|---|---|---|
| Next Message | svn | 2005-12-26 12:33:40 | SVN Commit by andreas: r4855 - in trunk/pgadmin3: . src/ctl |
| Previous Message | Stephen Frost | 2005-12-23 15:55:00 | Re: [pgadmin-hackers] Client-side password encryption |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dave Page | 2005-12-23 16:39:13 | Re: [pgadmin-hackers] Client-side password encryption |
| Previous Message | Stephen Frost | 2005-12-23 15:55:00 | Re: [pgadmin-hackers] Client-side password encryption |