Re: Salt in encrypted password in pg_shadow - Mailing list pgsql-general

From Tom Lane
Subject Re: Salt in encrypted password in pg_shadow
Date
Msg-id 15515.1094617239@sss.pgh.pa.us
Whole thread Raw
In response to Re: Salt in encrypted password in pg_shadow  (Greg Stark <gsstark@mit.edu>)
Responses Re: Salt in encrypted password in pg_shadow
List pgsql-general
Greg Stark <gsstark@mit.edu> writes:
> However with a known salt you only have to store the 1,000 hashes with the
> known salt. You could instead store a dictionary of 64 million password
> guesses in the same gigabyte.

This is still not responding to my original point though: if you know
the salt that was used, you can try brute-force scan of a few thousand
probable passwords in less CPU time than it will take to read a gigabyte
of precomputed hashes.  The fact that common passwords are much shorter
than the fixed-size MD5 hashes works against you in a big way.

I think the only way for the defender to get any real traction is to not
store the random salt right next to the encrypted password, so that the
attacker who hypothetically has read pg_shadow still has to guess about
the salt that was used.  If someone shows me a plausible way to do that,
I'm all ears.

> The threat model just doesn't apply.

This we agree on ...

            regards, tom lane

pgsql-general by date:

Previous
From: Steve Atkins
Date:
Subject: Re: Salt in encrypted password in pg_shadow
Next
From: Tom Lane
Date:
Subject: Re: Salt in encrypted password in pg_shadow