Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords - Mailing list pgsql-hackers

From Jim C. Nasby
Subject Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
Date
Msg-id 20050420212323.GT58835@decibel.org
Whole thread Raw
In response to Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted
Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
List pgsql-hackers
On Wed, Apr 20, 2005 at 05:03:18PM -0400, Tom Lane wrote:
> >   This would allow for the pregeneration of the entire md5
> >   keyspace using that 'salt' and then quick breakage of the hash once
> >   it's retrieved by the attacker.
> 
> Considering the size of the possible keyspace, this is pretty silly.

Actually, it's not as silly as you think. You can download rainbow
tables for Windows/LanMan passwords up to 14 or 15 characters in length.
Given the password hash and some code, you can determine the user's
password in a matter of minutes.

Simply put, MD5 is no longer strong enough for protecting secrets. It's
just too easy to brute-force. SHA1 is ok for now, but it's days are
numbered as well. I think it would be good to alter SHA1 (or something
stronger) as an alternative to MD5, and I see no reason not to use a
random salt instead of username.
-- 
Jim C. Nasby, Database Consultant               decibel@decibel.org 
Give your computer some brain candy! www.distributed.net Team #1828

Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"


pgsql-hackers by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: WAL/PITR additional items
Next
From: Simon Riggs
Date:
Subject: Re: Problem with PITR recovery