Quick Links

Re: Re: Proposal for encrypting pg_shadow passwords

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc:	Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org>
Subject:	Re: Re: Proposal for encrypting pg_shadow passwords
Date:	2001-08-16 14:03:57
Message-ID:	9540.997970637@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-patches

Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> Just a reminder. What I think it insecure is the size of our salt.
> With only 3300 possible salts, it doesn't take long to playback a
> duplicate. That is true of MD5 and crypt.

But aren't we increasing the size of the salt keyspace for MD5?
It'd surely be a major oversight not to.

regards, tom lane

In response to

Re: Re: Proposal for encrypting pg_shadow passwords at 2001-08-16 13:56:24 from Bruce Momjian

Responses

Re: Re: Proposal for encrypting pg_shadow passwords at 2001-08-16 14:08:43 from Bruce Momjian

Browse pgsql-patches by date

	From	Date	Subject
Next Message	Bruce Momjian	2001-08-16 14:08:43	Re: Re: Proposal for encrypting pg_shadow passwords
Previous Message	Bruce Momjian	2001-08-16 13:56:24	Re: Re: Proposal for encrypting pg_shadow passwords