Re: Re: Proposal for encrypting pg_shadow passwords

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: Re: Proposal for encrypting pg_shadow passwords
Date: 2001-08-16 18:08:43
Message-ID: 200108161808.f7GI8hi12803@candle.pha.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-patches

> Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> >> Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> > Also, I now need two salts, one base62 for crypt and a new one for MD5.
> >>
> >> They're carried in two different messages, so I don't see the problem.
>
> > But the salt is configured on startup, before you know your auth method,
> > right? Do I need to move that?
>
> Oh, I see what you're looking at: the salt is computed at ConnCreate
> time in the postmaster. Hmm. You cannot move the call into the later
> auth process, because it needs to happen before the postmaster forks.
> (Else, every forked child would start with the same random() state and
> compute the same salt ... good security eh?)

Yes, I knew we had to do it in the postmaster but I couldn't remember
why. :-)

> Yes, I think initializing two salt fields in ConnCreate is fine. That's
> probably actually a little more secure in itself, because it ensures
> that would-be sniffers cannot see every random() result in the
> postmaster's random() sequence, only some of them. IIRC, that makes it
> a lot harder to guess the underlying seed.

OK, here is the patch for separate salts for crypt and MD5, and allowing
null's in MD5 salt. I haven't tested it yet.

Yes, I realized computing it every time helps.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026

Attachment Content-Type Size
unknown_filename text/plain 15.1 KB

In response to

Browse pgsql-patches by date

  From Date Subject
Next Message Vince Vielhaber 2001-08-16 19:16:39 Re: Re: Proposal for encrypting pg_shadow passwords
Previous Message Rene Pijlman 2001-08-16 17:53:39 Re: Re: [JDBC] JDBC pg_description update needed for CVS tip