Re: So we're in agreement....

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Vince Vielhaber <vev(at)michvhf(dot)com>
Cc: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, Hannu Krosing <hannu(at)tm(dot)ee>, The Hermit Hacker <scrappy(at)hub(dot)org>, "Sverre H(dot) Huseby" <sverrehu(at)online(dot)no>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: So we're in agreement....
Date: 2000-05-07 19:16:51
Message-ID: 19002.957727011@sss.pgh.pa.us
Lists: pgsql-general pgsql-hackers

Vince Vielhaber <vev(at)michvhf(dot)com> writes:
>>>> My intent was not to send the username, but let the server figure it
>>>> out by the response.
>>
>> That would be a neat trick. How will you do it? MD5 is not reversible.

> CLIENT: md5(salt_from_server + md5(username + md5(password)))

> SERVER: md5(salt_from_server + md5(username + stored_password))

> The server runs thru all available usernames using the above algorithm.

No, that doesn't work unless stored passwords contain no random salt
at all (you could use the username alone, but as I previously said
that's no substitute for random salt, and of dubious value anyway).
That'd be a distinct *loss* in security, not an improvement.

To have salt in the stored passwords, the server must receive the
username first so that it can look up the pg_shadow entry and find
which stored salt to send to the client (along with the randomly
generated per-transaction salt). You could cloak the username as
I suggested before, but there have to be two messages.

regards, tom lane
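The two-message exchange Tom describes, as an added illustration that is not part of the thread or of PostgreSQL's own code: the server keeps a pg_shadow-like table of (per-user random stored salt, md5(stored_salt + password)), and because the stored salt is different for every user, it has to learn the username first, hand back both salts, and only then can it check the client's md5(session_salt + stored_hash). The `Server`/`client_response` names and the salt lengths are assumptions for the example; the hash construction mirrors the one quoted in the thread.

```python
import hashlib
import secrets


def md5hex(*parts: str) -> str:
    """The thread's md5(a + b): concatenate the strings, hex MD5 digest."""
    return hashlib.md5("".join(parts).encode()).hexdigest()


class Server:
    """Assumed shape of a pg_shadow-like store: username -> (stored_salt, stored_hash)."""

    def __init__(self) -> None:
        self.shadow: dict[str, tuple[str, str]] = {}
        self.pending: dict[str, str] = {}  # username -> session salt from message 1

    def create_user(self, username: str, password: str) -> None:
        stored_salt = secrets.token_hex(4)  # random per user, never derived from the name
        self.shadow[username] = (stored_salt, md5hex(stored_salt, password))

    def challenge(self, username: str) -> tuple[str, str]:
        # Message 1: the username is needed *first* to look up which stored salt to send.
        # An unknown user still gets two random salts so the reply does not reveal
        # whether the account exists; verification will simply fail later.
        stored_salt = self.shadow[username][0] if username in self.shadow else secrets.token_hex(4)
        session_salt = secrets.token_hex(8)  # fresh per connection, so responses cannot be replayed
        self.pending[username] = session_salt
        return stored_salt, session_salt

    def verify(self, username: str, response: str) -> bool:
        # Message 2: recompute md5(session_salt + stored_hash) and compare in constant time.
        session_salt = self.pending.pop(username, None)
        if session_salt is None or username not in self.shadow:
            return False
        expected = md5hex(session_salt, self.shadow[username][1])
        return secrets.compare_digest(expected, response)


def client_response(password: str, stored_salt: str, session_salt: str) -> str:
    # The client rebuilds the stored hash locally; the password itself never leaves the client.
    return md5hex(session_salt, md5hex(stored_salt, password))


def authenticate(server: Server, username: str, password: str) -> bool:
    """Drive the full exchange: username -> salts -> response -> verdict."""
    stored_salt, session_salt = server.challenge(username)
    return server.verify(username, client_response(password, stored_salt, session_salt))
```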
