Re: You're on SecurityFocus.com for the cleartext passwords.

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Benjamin Adida <ben(at)mit(dot)edu>
Cc: "Sverre H(dot) Huseby" <sverrehu(at)online(dot)no>, Vince Vielhaber <vev(at)michvhf(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, The Hermit Hacker <scrappy(at)hub(dot)org>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: You're on SecurityFocus.com for the cleartext passwords.
Date: 2000-05-06 17:23:52
Message-ID: 200005061723.NAA18140@candle.pha.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general pgsql-hackers

> on 5/6/00 12:45 PM, Sverre H. Huseby at sverrehu(at)online(dot)no wrote:
>
> > Does anyone here really _know_ (and I mean KNOW)
> > security/cryptography? If so, could you please comment on this
> > scheme? And while you're at it, whats better of MD5 and Unix crypt
> > (triple DES ++, isn't it?) from a security perspective?
>
> Finally something I can comment on with a tiny bit of authority :)
>
> The unix crypt command is a sneaky version of DES (I've never heard of
> Triple-DES being used for this). Your password is transformed into a DES key
> which is then used to encrypt a block of 0's. The result is what's stored in
> the password file. Poor Man's Hash, in a sense :)
>
> MD5 is quite standard (as hashing algs go) and much more secure. It allows
> for longer passwords, and it's quite fast (easily tens of thousands of MD5
> hashes per second on today's midlevel processors). I strongly recommend you
> use that.
>
> | store the password in pg_shadow like a unix-style password with salt
> | pass the random salt and the salt from pg_shadow to the client
> | client crypts the password twice through the routine:
> | once using the pg_shadow salt
> | another time using the random salt
>
> My first impression of this scheme is that it's quite good. Use MD5 instead
> of crypt, and it's great. You've got a good challenge-response setup here,
> and with MD5 you can even make your salt much longer than the 2 bytes of
> unix crypt salt, thus much more secure.
>
> I like it!
>

Good. I only recommend our current setup because we already have code
in most interfaces to handle it. I have no problem moving to md5, but
this should be done for _all_ crypting. I just see no reason to mix
standard password crypt with md5 and try to keep two crypts working on
all interfaces. The easy way would be to use our current crypt stuff to
get it working, then move to md5 if we can get it working on all our
interfaces.

--
Bruce Momjian | http://www.op.net/~candle
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Vince Vielhaber 2000-05-06 17:25:18 Re: You're on SecurityFocus.com for the cleartext passwords.
Previous Message Bruce Momjian 2000-05-06 17:21:16 Re: You're on SecurityFocus.com for the cleartext passwords.

Browse pgsql-hackers by date

  From Date Subject
Next Message Vince Vielhaber 2000-05-06 17:25:18 Re: You're on SecurityFocus.com for the cleartext passwords.
Previous Message Bruce Momjian 2000-05-06 17:21:16 Re: You're on SecurityFocus.com for the cleartext passwords.