| From: | Peter Eisentraut <peter(at)pathwaynet(dot)com> |
|---|---|
| To: | Louis Bertrand <louis(at)bertrandtech(dot)on(dot)ca> |
| Cc: | Gene Sokolov <hook(at)aktrad(dot)ru>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [HACKERS] Hashing passwords (was Updated TODO list) |
| Date: | 1999-07-12 13:34:55 |
| Message-ID: | Pine.LNX.4.10.9907120933190.4521-100000@saxony.pathwaynet.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, 9 Jul 1999, Louis Bertrand wrote:
> It would be nice if the password scheme you finally settle on can be
> optionally replaced (compile-time) by the password hash available native
> on the OS. In the case of OpenBSD, the Blowfish-based replacement for the
> DES or MD5 based crypt(3) is better suited to resisting dictionary and
> other offline attacks by fast processors.
>
> This suggestion is useful in case the shadow password file is compromised.
> It is independent of any challenge-response protocol you apply upstream.
Perhaps one could also allow the use of PAM where available. That would
make things infinitely easier for administrators.
--
Peter Eisentraut
PathWay Computing, Inc.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | John Ridout | 1999-07-12 13:45:02 | RE: [HACKERS] Updated TODO list |
| Previous Message | Maarten Boekhold | 1999-07-12 13:34:39 | Re: [HACKERS] Fwd: Joins and links |