From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | Benjamin Adida <ben(at)mit(dot)edu> |
Cc: | Vince Vielhaber <vev(at)michvhf(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, The Hermit Hacker <scrappy(at)hub(dot)org>, "Sverre H(dot) Huseby" <sverrehu(at)online(dot)no>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: You're on SecurityFocus.com for the cleartext passwords. |
Date: | 2000-05-06 18:54:52 |
Message-ID: | 200005061854.OAA20685@candle.pha.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general pgsql-hackers |
> on 5/6/00 2:40 PM, Vince Vielhaber at vev(at)michvhf(dot)com wrote:
>
> > Why should this work? Because the next time the client tries to connect
> > it will be given a different salt. But why twice? It seems that once
> > would be enough since it's a random salt to begin with and the client
> > should never be getting that salt twice.
>
> No, the reason why you would have "two" hashes is so that the server doesn't
> have to store the cleartext password. The server stores an already-hashed
> version of the password, so the client must hash the cleartext twice, once
> with a long-term salt, once with a random, one-time salt.
>
Yeah, right!
--
Bruce Momjian | http://www.op.net/~candle
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2000-05-06 18:55:42 | Re: You're on SecurityFocus.com for the cleartext passwords. |
Previous Message | Bruce Momjian | 2000-05-06 18:54:22 | Re: You're on SecurityFocus.com for the cleartext passwords. |
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2000-05-06 18:55:42 | Re: You're on SecurityFocus.com for the cleartext passwords. |
Previous Message | Bruce Momjian | 2000-05-06 18:54:22 | Re: You're on SecurityFocus.com for the cleartext passwords. |