Re: Encoding passwords - Mailing list pgsql-general
From | Bruce Momjian |
---|---|
Subject | Re: Encoding passwords |
Date | |
Msg-id | 200109272315.f8RNFwN17489@candle.pha.pa.us Whole thread Raw |
In response to | Re: Encoding passwords (Bruce Momjian <pgman@candle.pha.pa.us>) |
Responses |
Re: Encoding passwords
|
List | pgsql-general |
> > That said if hostile people get to the stage where they can read the > > encoded passwords, you're probably screwed anyway - they're likely to be > > able to do other things some even more undesirable. So it's not really a > > big deal compared to other issues. > > > > We have new code in 7.2 that will do MD5 encryption of passwords stored > in pg_shadow. We add the salt to the front of the password before > passing through MD5. You are suggesting putting the salt at the end. > > I guess the issue is that if you can get the salt part found out, you > can use that to attack the password part. Also, consider that we use > the username as the salt as stored in pg_shadow. We can easily put the > salt in the back, but then there is the risk that a long password would > not take into account the salt. My feeling that this is more a > theoretical concern and we may be opening ourselves up to more problems > if we make the change. OK, I have applied the following patch to the MD5 code that puts the salt at the end. We can't change the crypt() stuff because that is being used in older releases. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026 Index: src/backend/libpq/md5.c =================================================================== RCS file: /cvsroot/pgsql/src/backend/libpq/md5.c,v retrieving revision 1.6 diff -c -r1.6 md5.c *** src/backend/libpq/md5.c 2001/09/21 20:31:47 1.6 --- src/backend/libpq/md5.c 2001/09/27 22:23:20 *************** *** 19,24 **** --- 19,32 ---- #include "libpq/crypt.h" + #ifdef FRONTEND + #undef palloc + #define palloc malloc + #undef pfree + #define pfree free + #endif + + /* * PRIVATE FUNCTIONS */ *************** *** 289,303 **** bool EncryptMD5(const char *passwd, const char *salt, size_t salt_len, char *buf) { ! char crypt_buf[128]; ! ! if (salt_len + strlen(passwd) > 127) ! return false; ! strcpy(buf, "md5"); ! memset(crypt_buf, 0, 128); ! memcpy(crypt_buf, salt, salt_len); ! memcpy(crypt_buf+salt_len, passwd, strlen(passwd)); ! return md5_hash(crypt_buf, salt_len + strlen(passwd), buf + 3); } --- 297,315 ---- bool EncryptMD5(const char *passwd, const char *salt, size_t salt_len, char *buf) { ! char *crypt_buf = palloc(strlen(passwd) + salt_len); ! bool ret; ! strcpy(buf, "md5"); ! /* ! * Place salt at the end because it may be known by users ! * trying to crack the MD5 output. ! */ ! strcpy(crypt_buf, passwd); ! memcpy(crypt_buf+strlen(passwd), salt, salt_len); ! ! ret = md5_hash(crypt_buf, strlen(passwd) + salt_len, buf + 3); ! pfree(crypt_buf); ! return ret; }
pgsql-general by date: