Re: You're on SecurityFocus.com for the cleartext passwords. - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: You're on SecurityFocus.com for the cleartext passwords.
Date
Msg-id 200005061723.NAA18140@candle.pha.pa.us
In response to Re: You're on SecurityFocus.com for the cleartext passwords.  (Benjamin Adida <ben@mit.edu>)
List pgsql-hackers
> on 5/6/00 12:45 PM, Sverre H. Huseby at sverrehu@online.no wrote:
> 
> > Does anyone here really _know_ (and I mean KNOW)
> > security/cryptography?  If so, could you please comment on this
> > scheme?  And while you're at it, what's better of MD5 and Unix crypt
> > (triple DES ++, isn't it?) from a security perspective?
> 
> Finally something I can comment on with a tiny bit of authority :)
> 
> The unix crypt command is a sneaky version of DES (I've never heard of
> Triple-DES being used for this). Your password is transformed into a DES key
> which is then used to encrypt a block of 0's. The result is what's stored in
> the password file. Poor Man's Hash, in a sense :)
> 
> MD5 is quite standard (as hashing algs go) and much more secure. It allows
> for longer passwords, and it's quite fast (easily tens of thousands of MD5
> hashes per second on today's midlevel processors). I strongly recommend you
> use that.
> 
> |       store the password in pg_shadow like a unix-style password with salt
> |       pass the random salt and the salt from pg_shadow to the client
> |       client crypts the password twice through the routine:
> |           once using the pg_shadow salt
> |           another time using the random salt
> 
> My first impression of this scheme is that it's quite good. Use MD5 instead
> of crypt, and it's great. You've got a good challenge-response setup here,
> and with MD5 you can even make your salt much longer than the 2 bytes of
> unix crypt salt, thus much more secure.
> 
> I like it!
> 

Good.  I only recommend our current setup because we already have code
in most interfaces to handle it.  I have no problem moving to md5, but
this should be done for _all_ crypting.  I just see no reason to mix
standard password crypt with md5 and try to keep two crypts working on
all interfaces.  The easy way would be to use our current crypt stuff to
get it working, then move to md5 if we can get it working on all our
interfaces.

-- 
  Bruce Momjian                        |  http://www.op.net/~candle
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
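
The double-hash challenge-response scheme quoted in this message, sketched with MD5 as suggested in the thread. This is an added example, not code from the original post or from PostgreSQL; the function names, the salt-then-data concatenation order, the salt lengths and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def make_shadow_entry(password: str, stored_salt: bytes) -> str:
    """Value kept in pg_shadow: the password hashed under the per-user salt."""
    return md5_hex(stored_salt + password.encode())


def new_challenge() -> bytes:
    """Fresh random salt the server sends for one login attempt."""
    return os.urandom(8)


def client_response(password: str, stored_salt: bytes, random_salt: bytes) -> str:
    """Client hashes twice: once with the pg_shadow salt, then with the random salt."""
    inner = md5_hex(stored_salt + password.encode())
    return md5_hex(random_salt + inner.encode())


def server_verify(shadow_entry: str, random_salt: bytes, response: str) -> bool:
    """Server re-hashes its stored value with the random salt; it never sees the password."""
    expected = md5_hex(random_salt + shadow_entry.encode())
    return hmac.compare_digest(expected, response)  # constant-time comparison


def demo() -> dict:
    stored_salt = b"constructed-salt"        # constructed sample values
    password = "s3cret-example"
    shadow = make_shadow_entry(password, stored_salt)
    first, second = new_challenge(), new_challenge()
    answer = client_response(password, stored_salt, first)
    wrong = client_response("guess", stored_salt, first)
    return {
        "correct_password": server_verify(shadow, first, answer),
        "wrong_password": server_verify(shadow, first, wrong),
        # A response captured from an earlier login fails under a new random salt.
        "replayed_response": server_verify(shadow, second, answer),
    }


if __name__ == "__main__":
    print(demo())
```

The server-side check uses only the stored hash, so the pg_shadow value has to be protected as carefully as the password itself.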
 

