| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Peter Bex <Peter(dot)Bex(at)xs4all(dot)nl> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Authenticate with hash instead of plaintext password? |
| Date: | 2012-12-16 18:30:29 |
| Message-ID: | 17605.1355682629@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Peter Bex <Peter(dot)Bex(at)xs4all(dot)nl> writes:
> On Sun, Dec 16, 2012 at 12:51:08PM -0500, Tom Lane wrote:
>> Right, they can break into *this account*.
> Not *just* this one, but any account on any service that uses this
> same algorithm.
That's easily fixed. I'd be inclined to make the "password" hash be a
hash of the actual password plus the user's name plus some
web-site-specific random salt string. All of these should be readily
available anytime you need to compute the hash, and the inclusion of the
latter two components will make it difficult to use precomputed rainbow
tables to extract the actual password. With a little more work, he
could also have a per-user random salt added to the hash input --- but
that would require an additional lookup step during login.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Murray Cumming | 2012-12-16 18:42:40 | Re: Authenticate with hash instead of plaintext password? |
| Previous Message | Tom Lane | 2012-12-16 18:16:55 | Re: Default timezone changes in 9.1 |