> on 5/6/00 2:40 PM, Vince Vielhaber at vev@michvhf.com wrote:
>
> > Why should this work? Because the next time the client tries to connect
> > it will be given a different salt. But why twice? It seems that once
> > would be enough since it's a random salt to begin with and the client
> > should never be getting that salt twice.
>
> No, the reason why you would have "two" hashes is so that the server doesn't
> have to store the cleartext password. The server stores an already-hashed
> version of the password, so the client must hash the cleartext twice, once
> with a long-term salt, once with a random, one-time salt.
>
Yeah, right!
-- Bruce Momjian | http://www.op.net/~candle pgman@candle.pha.pa.us | (610)
853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill,
Pennsylvania19026
