Re: Salt in encrypted password in pg_shadow

From: Greg Stark <gsstark(at)mit(dot)edu>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Greg Stark <gsstark(at)mit(dot)edu>, pgsql-general(at)postgresql(dot)org
Subject: Re: Salt in encrypted password in pg_shadow
Date: 2004-09-09 04:40:34
Message-ID: 877jr4vyv1.fsf@stark.xeocode.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:

> > it's unlikely that the same situation holds today.
>
> Why would you think that? The US government may not have too many
> clues, but they certainly understand the importance of crypto. I cannot
> think of any reason to suppose that NSA et al would have stopped
> spending serious effort in this area.

Certainly the NSA hasn't stopped spending serious effort. What's changed is
that now there is serious effort outside the NSA as well. In academia and the
private sector, not to mention other national governments.

That wasn't the case 30 years ago partially because the money just wasn't
there outside the NSA, and partially because the NSA was extremely persuasive
in hiring away anyone doing research. It's hard to do get ahead in
publish-or-perish academia when everything you're working on suddenly becomes
classified...

> (Where "serious effort" is measured by the standard of "a billion here, a
> billion there, pretty soon you're talking about real money".)

Well there's a limit to how much you can spend on researcher salaries. There
are only so many researchers available to hire. Of course we don't know what
their full budget is but if it's in the billions (which it may well be) it's
probably mostly spent on operational costs, not research.

> Quite honestly, as a US taxpayer I would not be happy if the NSA were
> not far ahead of public research in this field ...

It's presumably ahead. But not like the situation 30 years ago when they were
the only group doing this kind of research.

--
greg

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Tore Halset 2004-09-09 07:15:09 Re: ERROR: canceling query due to user request
Previous Message Tom Lane 2004-09-09 04:23:48 Re: Salt in encrypted password in pg_shadow