Re: Encrypted Passwords

From: Tim Ellis <pvspam-postgres(at)hacklab(dot)net>
To: Rob Abernethy IV <abernethy(at)dynedge(dot)com>
Cc: postgresql <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Encrypted Passwords
Date: 2003-01-13 20:11:13
Message-ID: 1042488673.23675.215.camel@timetop
Lists: pgsql-admin

> The problem
> is that Tomcat computes the digest without a salt and, therefore,
> authentication is failing because the two digested versions of the same
> password are different.

If there is not a feature within Tomcat to allow adding the username as
a salt to the MD5 hash, then Tomcat is broken. This is so common, I
cannot imagine any product bothering to implement MD5 hashing without
allowing a fairly generic salting API call.

Thankfully, Tomcat comes with source, so it can be fixed if, indeed, it
is broken.

Do not waste any energy trying to get Postgres to not salt the hash;
you'd be using energy ruining one product instead of fixing another.

--
Tim Ellis
Senior Database Architect
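
The mismatch discussed in this message, as an added example that is not part of the original post and is not Tomcat or PostgreSQL code: PostgreSQL's md5 password format is the literal `md5` followed by MD5(password + username), so a checker that computes plain MD5(password) can never match it. The account names, passwords and function names below are constructed for illustration.

```python
import hashlib
import hmac


def unsalted_md5_hex(password: str) -> str:
    """Plain MD5 of the password, hex-encoded (the digest with no salt)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def pg_md5_stored(username: str, password: str) -> str:
    """PostgreSQL's stored md5 form: 'md5' + md5(password || username)."""
    salted = (password + username).encode("utf-8")
    return "md5" + hashlib.md5(salted).hexdigest()


def verify_pg_md5(stored: str, username: str, candidate: str) -> bool:
    """Check a candidate password the way the username-salted scheme requires."""
    if len(stored) != 35 or not stored.startswith("md5"):
        return False  # not an md5-format entry
    expected = pg_md5_stored(username, candidate)
    return hmac.compare_digest(stored.encode(), expected.encode())


def verify_unsalted(stored: str, candidate: str) -> bool:
    """What a salt-unaware checker does: compare against md5(password) only."""
    digest = unsalted_md5_hex(candidate)
    return hmac.compare_digest(stored[3:].encode(), digest.encode())


def demo() -> dict:
    # Constructed accounts; both deliberately share one password.
    alice = pg_md5_stored("alice", "s3cret")
    bob = pg_md5_stored("bob", "s3cret")
    return {
        "salted_check_passes": verify_pg_md5(alice, "alice", "s3cret"),
        # Correct password, but the unsalted digest differs, so login fails.
        "unsalted_check_passes": verify_unsalted(alice, "s3cret"),
        # The username salt keeps equal passwords from producing equal hashes.
        "same_password_same_hash": alice == bob,
        # A stored value is bound to its username and fails under another one.
        "hash_valid_for_other_user": verify_pg_md5(alice, "bob", "s3cret"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```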
