| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org> |
| Subject: | Re: Re: Proposal for encrypting pg_shadow passwords |
| Date: | 2001-08-17 02:58:36 |
| Message-ID: | 200108170258.f7H2waC05319@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
> > Yes, I think initializing two salt fields in ConnCreate is fine. That's
> > probably actually a little more secure in itself, because it ensures
> > that would-be sniffers cannot see every random() result in the
> > postmaster's random() sequence, only some of them. IIRC, that makes it
> > a lot harder to guess the underlying seed.
>
> OK, here is the patch for separate salts for crypt and MD5, and allowing
> null's in MD5 salt. I haven't tested it yet.
OK, here is an updated version of the dual salt patch. It works and I
will apply it now.
I have to say I like working on this in an iterative way so I can get
feedback from people as I go. This area is kind of complex and it is
good people are giving me feedback.
Tom mentioned 8-byte MD5 salt perhaps someday. I am wondering if we
should improve the protocol negotiation code so that if the client says
they are 2.1, the server can send back 2.0 and if the client responds
with 2.0, the protocol can continue at the 2.0 level. I think this
should be done soon because even if we don't need it now, we will in a
release or two. How hard would this be?
I added this nice message:
+ /* If they encrypt their password, force MD5 */
+ if (isMD5(passwd) && port->auth_method != uaMD5)
+ {
+ snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+ "Password is stored MD5 encrypted. "
+ "Only pg_hba.conf's MD5 protocol can be used for this user.\n");
+ fputs(PQerrormsg, stderr);
+ pqdebug("%s", PQerrormsg);
+ return STATUS_ERROR;
Once you MD5 encrypt your password, you can't use crypt or plaintext
passwords. Seems if you want it MD5 encrypted, you don't want it sent
over the wire plaintext. I hope to add MD5 to ODBC for 7.2 too, unless
someone beats me to it.
Please see my other concern about non-null terminated salt() sent to
crypt!
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
| Attachment | Content-Type | Size |
|---|---|---|
| unknown_filename | text/plain | 16.3 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2001-08-17 03:35:40 | Re: Patch: use SCM_CREDS authentication over PF_LOCAL sockets |
| Previous Message | Barry Lind | 2001-08-17 02:21:01 | Re: Re: [JDBC] JDBC pg_description update needed for CVS tip |