Quick Links

Community
Contributors
Mailing Lists
IRC
Local User Groups
Events
International Sites

Re: md5 again

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Vince Vielhaber <vev(at)michvhf(dot)com>
Cc:	pgsql-hackers(at)postgresql(dot)org
Subject:	Re: md5 again
Date:	2000-07-11 17:01:26
Message-ID:	1406.963334886@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Vince Vielhaber <vev(at)michvhf(dot)com> writes:
> By knowing what PG will do with the username and random salt, sniffing
> the wire can make guessing the password trivial.

Not if the wire protocol is done correctly, ie, passwords are only
sent in hashed form.

regards, tom lane

In response to

Re: md5 again at 2000-07-11 16:49:32 from Vince Vielhaber

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Travis Bauer	2000-07-11 17:06:45	Re: Slashdot discussion
Previous Message	Vince Vielhaber	2000-07-11 16:56:29	Re: md5 again