Re: Salt in encrypted password in pg_shadow

From: Greg Stark <gsstark(at)mit(dot)edu>
To: Chris Travers <chris(at)metatrontech(dot)com>
Cc: Greg Stark <gsstark(at)mit(dot)edu>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-general(at)postgresql(dot)org
Subject: Re: Salt in encrypted password in pg_shadow
Date: 2004-09-10 02:23:30
Message-ID: 87isamuajh.fsf@stark.xeocode.com
Lists: pgsql-general


Chris Travers <chris(at)metatrontech(dot)com> writes:

> This only works because you have a theoretical delay between incorrect
> password attempts, so dictionary attacks directly are supposed to be
> difficult to implement. I say theoretically because a smart attacker will
> use a program to open multiple telnet connections simultaneously to try a
> large number of passwords at once.

No, this is irrelevant to salts. People actually trying to log in is not the
threat model that salts are there to protect. This is not what is meant by
"dictionary attack".

What is meant by dictionary attack in the context of hashed passwords is
someone generating a "dictionary" of hashes for every guessable password. Then
they can take any hash they find in a password database and look up in their
"dictionary" a valid password for it.

Salts prevent this by forcing someone to generate 2^16 possible hashes for
every possible guessable password. Essentially making them hash every
guessable password again anew for each user attacked.

They're only relevant for attackers who have access to the password database.
Not for attackers who are just knocking on the door over and over.

The weakness described would apply to someone who had access to many
pg_shadows from many installations. They could check every "postgres" user
against their dictionary quickly. Or an unscrupulous dba could assign
usernames starting with the same two letters for everyone and then guess
people's passwords by looking up the hashes in a dictionary.

--
greg
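
Added example, not part of the message above and not PostgreSQL's own code: a Python illustration of why a salt that is the same at every installation lets one precomputed table serve for all of them, while a random per-row salt does not. It assumes the stored value is 'md5' followed by md5(password || username), the username-salted layout of PostgreSQL's md5 passwords; the site names, passwords and guess list are constructed, and the PBKDF2 contrast case is an assumption chosen for the comparison.

```python
import hashlib
import os

GUESSES = ["postgres", "password", "admin123"]  # constructed guess list

def pg_md5(password, username):
    """Assumed pg_shadow layout: 'md5' + md5(password || username)."""
    return "md5" + hashlib.md5((password + username).encode()).hexdigest()

def random_salted(password):
    """Contrast case (assumption): random 16-byte salt stored beside the hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex() + "$" + digest.hex()

def build_table(guesses, username):
    """The 'dictionary': hash -> password, computed once for one known salt."""
    return {pg_md5(g, username): g for g in guesses}

def weak_rows(installations, table, username):
    """Audit: which installations store a hash that the table already covers?"""
    hits = {}
    for site, rows in installations.items():
        stored = rows.get(username)
        if stored in table:
            hits[site] = table[stored]
    return hits

def make_installations(hash_fn):
    # Constructed data: three sites, each with a "postgres" superuser.
    passwords = {"site-a": "password", "site-b": "password",
                 "site-c": "k7#Vq2!mZr9x"}
    return {site: {"postgres": hash_fn(pw)} for site, pw in passwords.items()}

def demo():
    table = build_table(GUESSES, "postgres")  # three hashes, reused everywhere
    fixed = make_installations(lambda pw: pg_md5(pw, "postgres"))
    rand = make_installations(random_salted)
    # Same user + same password: identical rows only when the salt is predictable.
    same_fixed = fixed["site-a"]["postgres"] == fixed["site-b"]["postgres"]
    same_rand = rand["site-a"]["postgres"] == rand["site-b"]["postgres"]
    return (weak_rows(fixed, table, "postgres"),
            weak_rows(rand, table, "postgres"), same_fixed, same_rand)

if __name__ == "__main__":
    print(demo())
```
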
