Re: OT: password encryption (salt theory)

From: Tim Ellis <Tim(dot)Ellis(at)gamet(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: dfs(at)roaringpenguin(dot)com, fstefan(at)cable(dot)vol(dot)at, pgsql-admin(at)postgresql(dot)org
Subject: Re: OT: password encryption (salt theory)
Date: 2002-08-22 15:29:45
Message-ID: 20020822112945.3d37c2ff.Tim.Ellis@gamet.com
Lists: pgsql-admin

> > Can anyone explain to me why a salt is really a good idea
>
> I believe the original purpose was to make it less obvious whether two
> Unix users had the same password.

Ah, plus, as was also pointed out, the attacker cannot precompute a
dictionary attack -- she must do a dictionary attack PER PASSWORD, not per
password file.

This all makes sense. Conclusion: Salt is good. Random salt is best. Any
salt is better than no salt. Thanks for clarifying it, everyone.

--
Tim Ellis
Senior Database Architect
Gamet, Inc.
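
The points made in this message, worked through as an added example that is not part of the original post or thread: it builds the same constructed password file with no salt, one fixed salt, and a random per-user salt, then reports what each one exposes. The user names, passwords, wordlist, and helper names (`kdf`, `make_store`, `audit`) are all assumptions made for illustration, and PBKDF2 stands in for whatever hash the system actually uses.

```python
import hashlib
import hmac
import os

# Constructed sample data: alice and bob happen to choose the same password.
USERS = {"alice": "sunshine", "bob": "sunshine", "carol": "correct horse"}
WORDLIST = ["password", "sunshine", "letmein"]  # constructed dictionary

def kdf(password, salt=b"", rounds=1000):
    # Round count kept low so the demo runs instantly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def make_store(users, salt_for):
    """Build a password file: user -> (salt, hash). salt_for picks each salt."""
    store = {}
    for user, password in users.items():
        salt = salt_for(user)
        store[user] = (salt, kdf(password, salt))
    return store

def verify(store, user, password):
    # Login check: recompute with the stored salt, compare in constant time.
    salt, expected = store[user]
    return hmac.compare_digest(kdf(password, salt), expected)

def audit(store, wordlist):
    hashes = [h for _, h in store.values()]
    salts = {s for s, _ in store.values()}
    table = {kdf(w) for w in wordlist}  # built once, before seeing any salt
    return {
        "duplicate_hashes": len(hashes) - len(set(hashes)),
        "precomputed_hits": sum(h in table for h in hashes),
        # KDF calls needed to try every word against every record
        "dictionary_pass_cost": len(wordlist) * len(salts),
    }

SCHEMES = {
    "no salt": lambda user: b"",
    "fixed salt": lambda user: b"site-wide",
    "random salt": lambda user: os.urandom(16),
}

def run():
    return {name: audit(make_store(USERS, f), WORDLIST) for name, f in SCHEMES.items()}

if __name__ == "__main__":
    for name, result in run().items():
        print(f"{name:12} {result}")
```

Only the random per-user salt hides the shared password and makes the cost of a dictionary pass grow with the number of records rather than with the number of files.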
