From: | Shane Ambler <pgsql(at)007Marketing(dot)com> |
---|---|
To: | Jorge Godoy <jgodoy(at)gmail(dot)com> |
Cc: | Jeff Davis <pgsql(at)j-davis(dot)com>, DEV <dev(at)umpa-us(dot)com>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: Database users Passwords |
Date: | 2006-10-17 19:35:45 |
Message-ID: | 45353091.2080102@007Marketing.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-docs pgsql-general |
Jorge Godoy wrote:
> Shane Ambler <pgsql(at)007Marketing(dot)com> writes:
>
>> What Dev would want to look for (probably create) is a small script that will
>> read his list of crypt passwords and un-crypt them into a create role string
>> that is fed to psql.
>
> Except that the hash used is unidirectional, i.e., there's no way to decrypt
> it besides a brute force attack or something like that.
>
> If he's got, e.g., 10 users with strong passwords this kind of thing can take
> some weeks.
>
crypt may be a custom function (or what Dev calls something else
altogether) which is one way and complex - that info wasn't given.
The only crypt I know of is the crypt command (FreeBSD has it at
/usr/bin/crypt) and is also known as enigma. This is a two way
encryption and is fast.
If that is what he is using then decrypting will not be part of the time
issue and is the basis of the advice I gave.
According to time - decrypting a 3K file takes about .002 seconds
If a strong one way encryption has been used then he is out of luck and
will need the users to re-enter their passwords after the accounts are
created with another password of some sort.
Which is also another option for him even if he can decrypt what is
currently stored.
--
Shane Ambler
Postgres(at)007Marketing(dot)com
Get Sheeky @ http://Sheeky.Biz
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Eisentraut | 2006-10-17 19:35:55 | Re: [GENERAL] Database users Passwords |
Previous Message | Jorge Godoy | 2006-10-17 19:00:05 | Re: Database users Passwords |
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Eisentraut | 2006-10-17 19:35:55 | Re: [GENERAL] Database users Passwords |
Previous Message | Ron Peterson | 2006-10-17 19:25:05 | uuid c function contrib |