Re: Database users Passwords

Jorge Godoy wrote:
> Shane Ambler <pgsql(at)007Marketing(dot)com> writes:
>
>> What Dev would want to look for (probably create) is a small script that will
>> read his list of crypt passwords and un-crypt them into a create role string
>> that is fed to psql.
>
> Except that the hash used is unidirectional, i.e., there's no way to decrypt
> it besides a brute force attack or something like that.
>
> If he's got, e.g., 10 users with strong passwords this kind of thing can take
> some weeks.
>

crypt may be a custom function (or what Dev calls something else
altogether) which is one way and complex - that info wasn't given.

The only crypt I know of is the crypt command (FreeBSD has it at
/usr/bin/crypt) and is also known as enigma. This is a two way
encryption and is fast.
If that is what he is using then decrypting will not be part of the time
issue and is the basis of the advice I gave.

According to time - decrypting a 3K file takes about .002 seconds

If a strong one way encryption has been used then he is out of luck and
will need the users to re-enter their passwords after the accounts are
created with another password of some sort.
Which is also another option for him even if he can decrypt what is
currently stored.

--

Shane Ambler
Postgres(at)007Marketing(dot)com

Get Sheeky @ http://Sheeky.Biz