encrypted passwords

From: Neil Conway <nconway(at)klamath(dot)dyndns(dot)org>
To: PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: encrypted passwords
Date: 2002-08-14 20:32:26
Message-ID: 87ptwl9o6d.fsf@klamath.dyndns.org
Lists: pgsql-hackers

A couple questions regarding encrypted passwords:

(1) There was talk of changing the default value of the
'password_encryption' GUC variable for 7.3; AFAIK, this hasn't
happened yet. Should this be done?

(2) What is the reasoning behind the current storage format of
MD5-encrypted passwords? At the moment, we "determine" that a
password is stored pre-hashed in pg_shadow by checking if it
begins with "md5" and is 35 characters long (the isMD5() macro in
libpq/crypt.h). This seems problematic, for a couple reasons:

(a) it needlessly overloads the password field: that field
should store the password or the digest itself, not
meta-data about the authentication process.

(b) it makes it difficult to determine if the password is
*actually* encrypted, or whether the user just happened to
specify an (unencrypted) password of that form.

(c) it limits us to using the MD5 algorithm. MD5 is not
looking as invincible as it once did, and having the
capability to support SHA1 or another algorithm without
too much pain would be nice.

(3) (Related to 2b above) Shouldn't we reject an attempt by the user
to specify an un-encrypted password that matches the isMD5() test?
For example:

nconway=# create user foo encrypted password
'md5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';
CREATE USER
nconway=# create user foo2 encrypted password 'somethingelse';
CREATE USER
nconway=# select usename, passwd from pg_shadow
where usename like 'foo%';
usename | passwd
---------+-------------------------------------
foo | md5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
foo2 | md51b80a20a1b6cd86eb369f01009b739d3

(The first password is stored "as-is", the second is hashed before
being stored.)

I don't see a need for the ability to specify pre-hashed passwords,
and it makes the whole process of determining the type of password
being used more complicated.

(4) The naming standard for system catalogs would dictate that the
'passwd' field of pg_shadow actually be named 'usepasswd' or
something similar, wouldn't it? The same applies to the 'valuntil'
field.

Cheers,

Neil

--
Neil Conway <neilconway(at)rogers(dot)com>
PGP Key ID: DB3C29FC
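An added example, not from the post or from PostgreSQL's source, that models points (2) and (3) in Python: the prefix-plus-length test the post describes, the stored form ("md5" followed by the hex MD5 of password concatenated with username, PostgreSQL's documented scheme), the as-is storage of anything that passes the loose test, and two defensive alternatives (a stricter hex check and outright rejection of an ambiguous plaintext). Function names are my own.

```python
import hashlib
import re

MD5_PREFIX = "md5"
MD5_STORED_LEN = 35  # "md5" + 32 hex digits
_HEX32 = re.compile(r"^[0-9a-f]{32}$")


def is_md5_loose(value: str) -> bool:
    """The test the post describes: prefix 'md5' and total length 35, nothing else."""
    return value.startswith(MD5_PREFIX) and len(value) == MD5_STORED_LEN


def is_md5_strict(value: str) -> bool:
    """Tighter check: the 32 characters after the prefix must be lowercase hex.
    This still cannot prove the value is a real digest, but it rejects values
    such as 'md5xxxx...' that could never have come out of the hash function."""
    return is_md5_loose(value) and _HEX32.match(value[len(MD5_PREFIX):]) is not None


def md5_encrypt(password: str, username: str) -> str:
    """Stored form: 'md5' + hex(md5(password || username)); the username is the salt."""
    digest = hashlib.md5((password + username).encode("utf-8")).hexdigest()
    return MD5_PREFIX + digest


def store_as_shown_in_post(username: str, password: str) -> str:
    """Behaviour demonstrated in the psql session: a value that merely looks
    pre-hashed is written to pg_shadow unchanged; anything else is hashed."""
    if is_md5_loose(password):
        return password
    return md5_encrypt(password, username)


def store_rejecting_ambiguous(username: str, password: str) -> str:
    """Proposal (3): refuse a plaintext that collides with the storage format,
    so every stored value is known to be a digest produced by the server."""
    if is_md5_loose(password):
        raise ValueError("password matches the md5 storage format; refusing to store it")
    return md5_encrypt(password, username)


if __name__ == "__main__":
    # Constructed sample values mirroring the post's session.
    print(store_as_shown_in_post("foo", "md5" + "x" * 32))   # stored verbatim
    print(store_as_shown_in_post("foo2", "somethingelse"))   # hashed before storage
```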
