From: | "Gene Sokolov" <hook(at)aktrad(dot)ru> |
---|---|
To: | "Louis Bertrand" <louis(at)bertrandtech(dot)on(dot)ca>, "Bruce Momjian" <maillist(at)candle(dot)pha(dot)pa(dot)us> |
Cc: | <pgsql-hackers(at)postgreSQL(dot)org> |
Subject: | Re: [HACKERS] Re: Hashing passwords (was Updated TODO list) |
Date: | 1999-07-12 06:37:47 |
Message-ID: | 070301becc31$0eb10aa0$0d8cdac3@aktrad.ru |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
I completely agree with Louis. It's not just the hacker: there is no need
for sysadmin to know passwords as well. I believe the security scheme where
sysadmin or anyone has to take action in order *not* to see passwords is
flawed.
I think the following solution would be satisfactory:
Store SHA(password) XOR SHA(mastervalue [+] uid). In case it's difficult to
alter the wire protocol, store password XOR SHA(mastervalue [+] uid). Either
way no one can get useful info without knowing the master value. Even simple
password XOR <mastervalue> would be helpful.
Gene Sokolov.
From: Louis Bertrand <louis(at)bertrandtech(dot)on(dot)ca>
> Why should anyone be able to read cleartext passwords, or even need to?
> People have a habit of reusing the same password for logins elsewhere.
> Hash the password as it's entered and compare hashes. This way, even if
> the password file (PostgreSQL's or the system's) is compromised, the
> attacker gains no extra information.
>
> > > From: Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us>
> > Yes, I remember now. We keep them in clear, because we send random
> > salt-encrypted versions over the wire. Only Postgresql can read this
> > table.
From | Date | Subject | |
---|---|---|---|
Next Message | Ryan Bradetich | 1999-07-12 06:39:00 | Re: [HACKERS] create rule changes table to view ? |
Previous Message | Gene Sokolov | 1999-07-12 06:27:30 | Re: [HACKERS] Hashing passwords (was Updated TODO list) |