Insecurity in MD5 authentication (again)

From: Richard van den Berg <richard(dot)vandenberg(at)trust-factory(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Insecurity in MD5 authentication (again)
Date: 2004-08-26 11:48:00
Lists: pgsql-hackers
I'm sorry to bring this up again. From the archives I found that the 
current md5 authentication scheme of postgres was designed in 2001. I 
found a debate about its security from 2002.

My problem is this: we have ODBC users working from home, so they cannot 
use SSL unless we buy the commercial drivers. We decided that encrypting 
the data is not required, but we do need to strictly protect access to 
our database.

With the current MD5 authentication, an eavesdropper can obtain the 
random salt and matching MD5 response. When enough logins are 
eavesdropped on, it becomes feasible for the eavesdropper to connect to 
the server until a salt is offered for which it knows the valid MD5 

To prevent this attack, the salt should be communicated using a 
Diffie-Hellman key exchange. This way, the salt will be known by the 
server and the client, but not by an eavesdropper. See

I realize this would require changes on both the client and server side, 
but it would up the security of the authentication mechanism one notch.

Please Cc me in any replies, since I am not on this list.

Richard van den Berg, CISSP

Trust Factory B.V.      |
Bazarstraat 44a         | Phone: +31 70 3620684
NL-2518AK The Hague     | Fax  : +31 70 3603009
The Netherlands         |
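
The exchange discussed in the message above, as an added example that is not part of the original post or of PostgreSQL's code: it models the md5 challenge/response with the 4-byte salt PostgreSQL's wire protocol uses, then estimates how exposure grows with the number of observed logins. Function names and sample credentials are constructed for illustration.

```python
import hashlib
import hmac
import math

SALT_BYTES = 4  # salt length in PostgreSQL's AuthenticationMD5Password message

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def stored_hash(user: str, password: str) -> str:
    """Value the server keeps: 'md5' + md5(password || username)."""
    return "md5" + md5_hex((password + user).encode())

def client_response(user: str, password: str, salt: bytes) -> str:
    """Value the client sends: 'md5' + md5(md5(password || username) || salt)."""
    inner = md5_hex((password + user).encode())
    return "md5" + md5_hex(inner.encode() + salt)

def server_verify(stored: str, salt: bytes, response: str) -> bool:
    """Server recomputes the response from its stored hash and the salt it offered."""
    expected = "md5" + md5_hex(stored[3:].encode() + salt)
    return hmac.compare_digest(expected, response)

def replay_hit_probability(captured: int, attempts: int) -> float:
    """P(at least one of `attempts` offered salts is among `captured` distinct observed salts)."""
    p = captured / 2 ** (8 * SALT_BYTES)
    return -math.expm1(attempts * math.log1p(-p))

def attempts_for(captured: int, target: float) -> int:
    """Connections needed before the hit probability reaches `target`."""
    p = captured / 2 ** (8 * SALT_BYTES)
    return math.ceil(math.log1p(-target) / math.log1p(-p))

if __name__ == "__main__":
    user, password = "alice", "example-password"   # constructed sample values
    salt = bytes.fromhex("0a1b2c3d")               # constructed sample salt
    resp = client_response(user, password, salt)
    # The response is a pure function of (stored hash, salt): nothing else
    # binds it to a session, which is why an observed pair stays valid.
    print("verified:", server_verify(stored_hash(user, password), salt, resp))
    for n in (1, 1_000, 100_000):
        print(f"{n:>7} observed logins -> 50% hit after ~{attempts_for(n, 0.5):,} connections")
```

The connection counts it prints are large enough to stand out in server logs, so a connection rate limit or an alert on repeated unauthenticated connections from a single source addresses the same exposure without a protocol change.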

