From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Tim Ellis <Tim(dot)Ellis(at)gamet(dot)com> |
Cc: | "David F(dot) Skoll" <dfs(at)roaringpenguin(dot)com>, fstefan(at)cable(dot)vol(dot)at, pgsql-admin(at)postgresql(dot)org |
Subject: | Re: OT: password encryption (salt theory) |
Date: | 2002-08-22 04:47:38 |
Message-ID: | 5500.1029991658@sss.pgh.pa.us |
Lists: | pgsql-admin |

Tim Ellis <Tim(dot)Ellis(at)gamet(dot)com> writes:

> Can anyone explain to me why a salt is really a good idea or if, as I
> suspect, it was an idea with good intentions that really doesn't help
> anything?

I believe the original purpose was to make it less obvious whether two
Unix users had the same password. (Alice reads /etc/passwd, notices
that her password entry is the same as Bob's, trivially logs into Bob's
account.)

The small range of salts in the original implementation was, well,
appropriate for machine resources of the day. These days you want
a few more random bits in there. But the idea is not wrong merely
because there are threats it doesn't guard against.

regards, tom lane
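
The effect described in the message above, as an added example that is not part of the original e-mail: a stored-password table is audited for identical entries with no salt, with a 12-bit salt (the width traditional DES-based crypt(3) used, a figure not stated in the message), and with a 128-bit salt. PBKDF2-SHA256 stands in for crypt(3), and the account names and passwords are constructed.

```python
import hashlib
import secrets
from collections import defaultdict


def store(password: str, salt_bits: int) -> str:
    """Return 'salt$digest'. salt_bits=0 models a scheme with no salt.

    PBKDF2-SHA256 is a stand-in for crypt(3), chosen because it is in the stdlib.
    """
    salt = secrets.randbits(salt_bits) if salt_bits else 0
    salt_bytes = salt.to_bytes((salt_bits + 7) // 8 or 1, "big")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt_bytes, 1000)
    return f"{salt_bytes.hex()}${digest.hex()}"


def shared_entries(table: dict) -> list:
    """Groups of users whose stored entries are identical (what Alice can spot)."""
    groups = defaultdict(list)
    for user, entry in table.items():
        groups[entry].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def salt_collision_probability(salt_bits: int, users: int) -> float:
    """Chance that at least two of `users` accounts sharing one password also
    draw the same salt, and so still end up with identical entries."""
    space = 2 ** salt_bits
    p_distinct = 1.0
    for i in range(users):
        p_distinct *= max(space - i, 0) / space
    return 1.0 - p_distinct


if __name__ == "__main__":
    # Constructed sample: two accounts that happen to pick the same password.
    accounts = {"alice": "hunter2", "bob": "hunter2", "carol": "s3parate"}
    for bits in (0, 12, 128):
        table = {user: store(pw, bits) for user, pw in accounts.items()}
        print(f"{bits:>3}-bit salt: identical entries -> {shared_entries(table)}")
        print(f"      100 users, one password: "
              f"P(some pair matches) = {salt_collision_probability(bits, 100):.3g}")
```

Running `shared_entries` over a real credential table is a quick check that every row actually received its own salt.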