Re: brute force attacking the password

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: Wim Bertels <wim(dot)bertels(at)khleuven(dot)be>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: brute force attacking the password
Date: 2005-04-20 15:20:44
Message-ID: 20050420152044.GB512@wolff.to
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

On Tue, Apr 19, 2005 at 22:54:32 +0200,
Wim Bertels <wim(dot)bertels(at)khleuven(dot)be> wrote:
>
> not an easy problem: it always seems to end up in DoS vs Brute Force Cracking.
> So the only good and simple solution i can think of: use the best possible
> password encrytion (or sufficient, a statistically zero chance when trying as
> much connections -to brute force crack the password- as possible for a
> significant amount of time.)

Maybe you can use client side certificates. Those will be from a large
enough space that guessing shouldn't be a problem. You should be able to
make that work with PAM.

In response to

Responses

Browse pgsql-admin by date

  From Date Subject
Next Message Shadow 2005-04-20 16:44:26 Database syncronization
Previous Message Michael Fuhr 2005-04-20 15:08:17 Re: Troubleshooting Postgres7.4