Re: You're on SecurityFocus.com for the cleartext passwords.

Let me comment:

> > How so? The server sends out one fixed salt (the one stored for that
> > user's password in pg_shadow) and one randomly-chosen salt. The client
> > sends back two crypted passwords. The server can check one of them.
> > What can it do with the other? Nothing that I can see, so where is the
> > security gain? A sniffer can still get in by sending back the same
> > pair of crypted passwords next time, no matter what random salt is
> > presented.
>
> Off hand here is the only way I can see that this can work.
>
> 1) client gets password from user and md5's it.

No, no md5 yet.

> 2) upon connecting, the client receives a random salt from the server.
> 3) the client md5's the already md5'd password with this new salt.

md5's plaintext password using pg_shadow salt, and random salt.

> 4) the client sends the resulting hash to the server.
> 5) the server takes the md5'd password from pg_shadow and md5's it
> with the same random salt it sent to the client.

Yes.

> 6) if it matches, the server sends yet another salt to the client.
> 7) repeat steps 3, 4 and 5.
> 8) if it matches the client's in.
>
> Why should this work? Because the next time the client tries to connect
> it will be given a different salt. But why twice? It seems that once
> would be enough since it's a random salt to begin with and the client
> should never be getting that salt twice.

No, once with pg_shadow salt, then random salt.

--
Bruce Momjian | http://www.op.net/~candle
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026