Re: [pgadmin-hackers] Client-side password encryption

On Fri, Dec 23, 2005 at 09:12:52AM -0500, Greg Stark wrote:
> Eh? Just because you know everything the postmaster does doesn't mean you
> can't be stopped. In the traditional unix password file scheme the crypt
> string is public knowledge but it's not enough to log in. You need the
> original password that crypts to that value.

This isn't the first time this has been explained, but:

With password encryption you essentially have two options:

- Server knows password, use challenge-response authentication so
password is not visible on wire.
- Server only knows hash of password, password must be sent in clear
over wire.

These exist in the real world as PAP or CHAP, but there are many other
examples. The reason it works in UNIX login is that the "in-the-clear"
transit of the password is from the keyboard, via the kernel to a
single process, not over a network, so it is considered secure. The
login protocol for SMB has a similar flaw. If you can read the password
file on an SMB server, you can login as any user. You may have to hack
a client to make it work, but it is possible.

PostgreSQL uses a variation where the cleartext password sent is just
the md5 hash of the real password. It just stops the admin guessing it
to see if the user is using it elsewhere. You really don't need the
original password to login, just the hash.

The solution is obvious, public-key authentication which doesn't have
these problems. eg SSH, SSL, etc... Or a trusted third party (ident).

Have a nice day,

--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a
> tool for doing 5% of the work and then sitting around waiting for someone
> else to do the other 95% so you can sue them.