Re: [pgadmin-hackers] Client-side password encryption

From: Marko Kreen <markokr(at)gmail(dot)com>
To: Greg Stark <gsstark(at)mit(dot)edu>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Andreas Pflug <pgadmin(at)pse-consulting(dot)de>, Dave Page <dpage(at)vale-housing(dot)co(dot)uk>
Subject: Re: [pgadmin-hackers] Client-side password encryption
Date: 2005-12-23 15:08:12
Message-ID: e51f66da0512230708q234c0980mfd654c332fc01c38@mail.gmail.com

On 23 Dec 2005 09:12:52 -0500, Greg Stark <gsstark(at)mit(dot)edu> wrote:
>
> Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:
>
> > Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au> writes:
> > > AndrewSN can't post at the moment, but asked me to post this for him:
> > > "Knowing the md5 hash is enough to authenticate via the 'md5' method in
> > > pg_hba.conf, even if you don't know the original password.
> >
> > If you know the md5 hash, you know everything the postmaster does, so
> > it's hard to see where such an attacker is going to be stopped.
>
> Eh? Just because you know everything the postmaster does doesn't mean you
> can't be stopped. In the traditional unix password file scheme the crypt
> string is public knowledge but it's not enough to log in. You need the
> original password that crypts to that value.

In the unix scheme the cleartext password is sent over the wire and the server
stores the hash. So indeed even if you know the hash, it won't get you in.

But in the current postgres case the md5 is sent over the wire and also stored
in the server. So knowing the md5 is enough to get in. The md5 is only used
to obfuscate the cleartext password from administrators, in case
the user uses it somewhere else too.

(And the reason for the current md5 hacking is to keep the cleartext
password from appearing in logs, thus overall rounding out the goal.)

> > The entire point here is not to expose the cleartext password, and that
> > really has nothing to do with whether you're going to break into the PG
> > database. It's about protecting users who are foolish enough to use the same
> > cleartext password for multiple services.
>
> Well that's a fine goal but it's not as good as an authentication scheme that
> doesn't store a password equivalent in the database.

http://srp.stanford.edu/whatisit.html

--
marko
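The property Marko describes above, as an added worked example that is not part of the thread: the PostgreSQL "md5" exchange is reproduced as it actually works (stored value is md5(password || username) with an "md5" prefix; the client answers a 4-byte server salt with md5(stored_hex || salt)), so whoever holds the stored value can answer the challenge without ever knowing the cleartext. The "unix-style" half is a stand-in for crypt(3) built on PBKDF2 rather than the real crypt format, chosen only to show the contrast: the server stores a salted digest, the client must present the cleartext, and presenting the stored digest as the password fails. Usernames, password and the `demo` helper are constructed for the example.

```python
import hashlib
import hmac
import os


# ---- PostgreSQL "md5" authentication method (real construction) ----

def pg_md5_stored(password: str, username: str) -> str:
    """Value the server keeps for the role: 'md5' + hex(md5(password || username))."""
    return "md5" + hashlib.md5((password + username).encode()).hexdigest()


def pg_md5_response_from_stored(stored: str, salt: bytes) -> str:
    """Answer to the server's 4-byte salt challenge, computed from the STORED
    value alone: 'md5' + hex(md5(stored_hex || salt)). No cleartext is needed."""
    stored_hex = stored[len("md5"):]          # strip the 'md5' prefix -> 32 hex chars
    return "md5" + hashlib.md5(stored_hex.encode() + salt).hexdigest()


def pg_md5_client_response(password: str, username: str, salt: bytes) -> str:
    """What an honest client does: derive the stored form, then answer from it."""
    return pg_md5_response_from_stored(pg_md5_stored(password, username), salt)


def pg_md5_server_check(stored: str, salt: bytes, response: str) -> bool:
    """Server side: recompute the expected response from its stored value."""
    expected = pg_md5_response_from_stored(stored, salt)
    return hmac.compare_digest(expected, response)


# ---- unix-style stand-in: server stores a salted digest, client sends cleartext ----

_ITERATIONS = 100_000   # assumption: PBKDF2 used in place of crypt(3) for the contrast


def unix_stored(password: str, salt: bytes = None) -> str:
    """Stored verifier: hex(salt) '$' hex(pbkdf2_hmac(password, salt))."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def unix_server_check(stored: str, submitted_password: str) -> bool:
    """Server side: rehash whatever the client submitted and compare."""
    salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", submitted_password.encode(),
                                 bytes.fromhex(salt_hex), _ITERATIONS)
    return hmac.compare_digest(digest.hex(), digest_hex)


def demo() -> dict:
    """Run both schemes with (a) the cleartext and (b) only the stored value.
    Constructed sample credentials; the returned dict shows which succeed."""
    username, password = "alice", "correct horse battery"
    results = {}

    # PostgreSQL md5: stored value is a password equivalent
    pg_stored = pg_md5_stored(password, username)
    salt = os.urandom(4)                      # server's challenge
    results["pg_with_password"] = pg_md5_server_check(
        pg_stored, salt, pg_md5_client_response(password, username, salt))
    results["pg_with_stored_only"] = pg_md5_server_check(
        pg_stored, salt, pg_md5_response_from_stored(pg_stored, salt))

    # unix-style: stored value is NOT a password equivalent
    ux_stored = unix_stored(password)
    results["unix_with_password"] = unix_server_check(ux_stored, password)
    results["unix_with_stored_only"] = unix_server_check(ux_stored, ux_stored)

    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:24s} -> {'login ok' if ok else 'rejected'}")
```

The two `pg_*` results are identical because the honest client's first step is to compute the stored form; everything after that step uses only that value, which is why the thread calls it a password equivalent and why read access to the role table (or a dump of it) must be treated as equivalent to holding the passwords. In the unix-style half the verifier is useless on its own, at the cost of the cleartext crossing the wire. Schemes such as SRP (linked in the reply) avoid both drawbacks.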
