Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords

From: Paul Tillotson <pntil(at)shentel(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
Date: 2005-04-22 00:52:16
Message-ID: 42684AC0.5070900@shentel.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Tom Lane wrote:

>Paul Tillotson <pntil(at)shentel(dot)net> writes:
>
>
>Hm? Using md5 is certainly not any *more* dangerous than any of the
>other possible password-based methods.
>
>
>
Maybe I misunderstood, but I thought that others were saying that, if
someone gets the contents of pg_shadow, then

- if you use only "password" in your pg_hba.conf, he has to break one of
the hashes first in order to log in.
- but if you use "md5" in your pg_hba.conf, then he doesn't have to
break the hashes at all.

Is this correct?

I guess I personally felt "betrayed" when I heard this since I (naively)
assumed that the point of hashing passwords was to make it so that
someone who is able to read your database is prevented from logging in
and corrupting the data, installing root-kits, etc.

Now I see that the point of md5 authenticate is to address an entirely
different problem, namely, having the cleartext password being captured
on the wire.

Regards,
Paul Tillotson

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Paul Tillotson 2005-04-22 00:53:33 Re: Proposal for background vacuum full/cluster
Previous Message Stephen Frost 2005-04-22 00:31:26 Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords