Let me comment:
> > How so? The server sends out one fixed salt (the one stored for that
> > user's password in pg_shadow) and one randomly-chosen salt. The client
> > sends back two crypted passwords. The server can check one of them.
> > What can it do with the other? Nothing that I can see, so where is the
> > security gain? A sniffer can still get in by sending back the same
> > pair of crypted passwords next time, no matter what random salt is
> > presented.
>
> Off hand here is the only way I can see that this can work.
>
> 1) client gets password from user and md5's it.
No, no md5 yet.
> 2) upon connecting, the client receives a random salt from the server.
> 3) the client md5's the already md5'd password with this new salt.
md5's plaintext password using pg_shadow salt, and random salt.
> 4) the client sends the resulting hash to the server.
> 5) the server takes the md5'd password from pg_shadow and md5's it
> with the same random salt it sent to the client.
Yes.
> 6) if it matches, the server sends yet another salt to the client.
> 7) repeat steps 3, 4 and 5.
> 8) if it matches the client's in.
>
> Why should this work? Because the next time the client tries to connect
> it will be given a different salt. But why twice? It seems that once
> would be enough since it's a random salt to begin with and the client
> should never be getting that salt twice.
No, once with pg_shadow salt, then random salt.
-- Bruce Momjian | http://www.op.net/~candle pgman@candle.pha.pa.us | (610)
853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill,
Pennsylvania19026
