Re: You're on SecurityFocus.com for the cleartext passwords.

on 5/6/00 2:29 PM, Tom Lane at tgl(at)sss(dot)pgh(dot)pa(dot)us wrote:

> How so? The server sends out one fixed salt (the one stored for that
> user's password in pg_shadow) and one randomly-chosen salt. The client
> sends back two crypted passwords. The server can check one of them.
> What can it do with the other? Nothing that I can see, so where is the
> security gain? A sniffer can still get in by sending back the same
> pair of crypted passwords next time, no matter what random salt is
> presented.

Okay, my understanding was that the protocol would work as follows:

- client requests login
- server sends stored salt c1, and random salt c2.
- client performs hash_c2(hash_c1(password)) and sends result to server.
- server performs hash_c2(stored_pg_shadow) and compares with client
submission.
- if there's a match, there's successful login.

This protocol will truly create a challenge-response where the communication
is different at each login, and where sniffing one
hash_c2(hash_c1(password)) doesn't give you any way to log in with a
different c2.

-Ben