Re: OT: password encryption (salt theory) - Mailing list pgsql-admin

From Tim Ellis
Subject Re: OT: password encryption (salt theory)
Date
Msg-id 20020822112945.3d37c2ff.Tim.Ellis@gamet.com
In response to Re: OT: password encryption (salt theory)  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-admin
> > Can anyone explain to me why a salt is really a good idea
>
> I believe the original purpose was to make it less obvious whether two
> Unix users had the same password.

Ah, plus, as was also pointed out, the attacker cannot precompute a
dictionary attack -- she must do a dictionary attack PER PASSWORD, not per
password file.

This all makes sense. Conclusion: Salt is good. Random salt is best. Any
salt is better than no salt. Thanks for clarifying it, everyone.

--
Tim Ellis
Senior Database Architect
Gamet, Inc.
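
Added example, not part of the original message or of PostgreSQL: a Python sketch of the two points made in this thread, that without a salt equal passwords are visible as equal stored values and one precomputed dictionary serves the whole file, while with a random salt the dictionary work is per password. The user names, passwords, wordlist, storage format and the choice of PBKDF2 are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 100_000  # assumed work factor for this sketch
# Constructed sample data: two users happen to share a password.
USERS = {"alice": "sunshine", "bob": "tr0ub4dor", "carol": "sunshine"}
WORDLIST = ["password", "sunshine", "letmein"]  # constructed dictionary


def store(password, salt):
    """Return 'salt_hex$hash_hex'; an empty salt models the unsalted scheme."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify(password, stored):
    """Re-derive with the stored salt and compare in constant time."""
    salt = bytes.fromhex(stored.split("$", 1)[0])
    return hmac.compare_digest(store(password, salt), stored)


def shared_password_groups(table):
    """Users whose stored values are identical, visible to anyone reading the file."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def precomputed_hits(table):
    """Users matched by a dictionary hashed once, ahead of time, with no salt."""
    lookup = {store(word, b"") for word in WORDLIST}
    return sorted(user for user, stored in table.items() if stored in lookup)


def dictionary_work(table):
    """Hash computations needed to test WORDLIST: one pass per distinct salt."""
    salts = {stored.split("$", 1)[0] for stored in table.values()}
    return len(WORDLIST) * len(salts)


UNSALTED = {user: store(pw, b"") for user, pw in USERS.items()}
SALTED = {user: store(pw, os.urandom(16)) for user, pw in USERS.items()}
```
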
