Home > mailing lists

Re: Rejecting weak passwords - Mailing list pgsql-hackers

From	Jeff Davis
Subject	Re: Rejecting weak passwords
Date	September 28, 2009 23:09:06
Msg-id	1254178917.22854.3.camel@monkey-cat.sm.truviso.com Whole thread Raw
In response to	Re: Rejecting weak passwords (Josh Berkus <josh@agliodbs.com>)
Responses	Re: Rejecting weak passwords
List	pgsql-hackers

Tree view

On Mon, 2009-09-28 at 15:52 -0700, Josh Berkus wrote:
> > It takes about 32 hours to brute force all passwords from [a-zA-Z0-9]
> > of up to 8 chars in length.
> 
> That would be a reason to limit the number of failed connection attempts
> from a single source, then, rather than a reason to change the hash
> function.

That doesn't solve the problem of an administrator brute-forcing your password.

Regards,Jeff Davis

pgsql-hackers by date:

From: Alvaro Herrera
Date: 28 September 2009, 23:02:59
Subject: Re: TODO item: Allow more complex user/database default GUC settings

From: Andrew Dunstan
Date: 28 September 2009, 23:10:35
Subject: Re: Rejecting weak passwords

Re: Rejecting weak passwords - Mailing list pgsql-hackers

Previous

Next