| From: | "Gene Sokolov" <hook(at)aktrad(dot)ru> |
|---|---|
| To: | <pgsql-hackers(at)postgreSQL(dot)org> |
| Subject: | Hashing passwords (was Updated TODO list) |
| Date: | 1999-07-09 12:11:24 |
| Message-ID: | 05a301beca04$2a098720$0d8cdac3@aktrad.ru |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
From: Hannu Krosing <hannu(at)trust(dot)ee>
> > > How about:
> > > * Not storing passwords in plain text
> >
> > But we don't, do we? I thougth they were hashed.
>
> do
> select * from pg_shadow;
>
> I think that it was agreed that it is better when they can't bw snatched
> from
> network than to have them hashed in db.
> Using currently known technologies we must either either know the
> original password
> and use challenge-response on net, or else use plaintext (or equivalent)
> on the wire.
I would be happier even with storing passwords at the server as a reversible
hash. For example, xor all user passwords with some value (for example
"PostgreSQL") and store base64(xor) strings instead of plain text.
Challenge-response authentication based on MD5 or SHA hashing would be
better, of course. A scheme like this would be reasonably secure:
1. Client initiates connection.
2. Server generates a long (16 byte) random value and passes it to the
client.
3. Client generates a one way hash of the user ID, SHA(password), and the
random number:
hash := SHA(uid [+] SHA(password) [+] randomval)
and sends openly uid and the hash back to the server
4. Server reconstructs the hash using stored SHA(password) and compares it
with the received hash.
Even more secure: don't store SHA(password) at the server but store
SHA(password) XOR <mastervalue>.
Gene Sokolov.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Leon | 1999-07-09 13:04:13 | Re: [HACKERS] Fwd: Joins and links |
| Previous Message | Gene Sokolov | 1999-07-09 10:41:10 | Hashing passwords (was Updated TODO list) |