Re: [HACKERS] Re: Hashing passwords (was Updated TODO list)

From: Mattias Kregert <matti(at)algonet(dot)se>
To: Gene Sokolov <hook(at)aktrad(dot)ru>
Cc: Louis Bertrand <louis(at)bertrandtech(dot)on(dot)ca>, Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us>, pgsql-hackers(at)postgreSQL(dot)org
Subject: Re: [HACKERS] Re: Hashing passwords (was Updated TODO list)
Date: 1999-07-12 11:50:49
Message-ID: 3789D699.29CAF93B@algonet.se
Lists: pgsql-hackers

Another nice thing with SRP is that it is mutual authentication. A
third party cannot say "hey, I'm the server, please connect to me. Sure,
your password is correct, start sending queries... INSERT? ok, sure,
INSERT 1 1782136. go on..." and steal a lot of data... the SRP client
always knows if it is talking to the real thing. No more third-party
attacks...
http://srp.stanford.edu/srp/others.html

/* m */

Gene Sokolov wrote:
>
> I completely agree with Louis. It's not just the hacker: there is no need
> for the sysadmin to know passwords either. I believe a security scheme where
> the sysadmin or anyone else has to take action in order *not* to see passwords
> is flawed.
>
> I think the following solution would be satisfactory:
> Store SHA(password) XOR SHA(mastervalue [+] uid). In case it's difficult to
> alter the wire protocol, store password XOR SHA(mastervalue [+] uid). Either
> way no one can get useful info without knowing the master value. Even simple
> password XOR <mastervalue> would be helpful.
>
> Gene Sokolov.
>
> From: Louis Bertrand <louis(at)bertrandtech(dot)on(dot)ca>
> > Why should anyone be able to read cleartext passwords, or even need to?
> > People have a habit of reusing the same password for logins elsewhere.
> > Hash the password as it's entered and compare hashes. This way, even if
> > the password file (PostgreSQL's or the system's) is compromised, the
> > attacker gains no extra information.
> >
> > > > From: Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us>
> > > Yes, I remember now. We keep them in clear, because we send random
> > > salt-encrypted versions over the wire. Only Postgresql can read this
> > > table.
