Re: You're on SecurityFocus.com for the cleartext passwords.

> On Sat, 6 May 2000, Bruce Momjian wrote:
>
> > > But what I'm proposing will let ALL clients send an encrypted password
> > > over the wire and we can also store them encrypted. By comparing twice
> > > we can maintain backward compatibility. The backend would compare the
> > > password received with the stored md5 password and compare the received
> > > password after md5ing it in case it was sent clear-text.
> >
> > But you can do that with our current system. Store them in pg_shadow
> > using unix password format. If a cleartext password comes in, crypt it
> > using the pg_shadow salt and compare them.
>
> You missed half of it. Platforms that don't have crypt would use our
> MD5 so eventually all of them would be sending encrypted passwords
> over the wire. I'm trying to accomplish two things here.

That is fine: We need crypted passwords in pg_shadow, and MD5 is
probably better than our current setup.

But we have tons of interfaces, all of which use the old stuff. If you
think you can do both at the same time, go ahead. MD5 has salt
capability, so you can move it right into our current client dialog
setup, and do double-MD5 as I suggested.

You still need double-MD5 because you have to crypt the password based
on the random salt passed to the client by the server. If you can make
the salt larger than 2 bytes at the same time, so much the better.

--
Bruce Momjian | http://www.op.net/~candle
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026