Re: Re: Proposal for encrypting pg_shadow passwords

> Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> >> Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> > Also, I now need two salts, one base62 for crypt and a new one for MD5.
> >>
> >> They're carried in two different messages, so I don't see the problem.
>
> > But the salt is configured on startup, before you know your auth method,
> > right? Do I need to move that?
>
> Oh, I see what you're looking at: the salt is computed at ConnCreate
> time in the postmaster. Hmm. You cannot move the call into the later
> auth process, because it needs to happen before the postmaster forks.
> (Else, every forked child would start with the same random() state and
> compute the same salt ... good security eh?)

Yes, I knew we had to do it in the postmaster but I couldn't remember
why. :-)

> Yes, I think initializing two salt fields in ConnCreate is fine. That's
> probably actually a little more secure in itself, because it ensures
> that would-be sniffers cannot see every random() result in the
> postmaster's random() sequence, only some of them. IIRC, that makes it
> a lot harder to guess the underlying seed.

OK, here is the patch for separate salts for crypt and MD5, and allowing
null's in MD5 salt. I haven't tested it yet.

Yes, I realized computing it every time helps.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026