Re: Authenticate with hash instead of plaintext password? - Mailing list pgsql-general

From: Peter Bex
Subject: Re: Authenticate with hash instead of plaintext password?
Msg-id: 20121216184952.GA14498@frohike.homeunix.org
In response to: Re: Authenticate with hash instead of plaintext password? (Tom Lane <tgl@sss.pgh.pa.us>)
List: pgsql-general

On Sun, Dec 16, 2012 at 01:30:29PM -0500, Tom Lane wrote:
> Peter Bex <Peter.Bex@xs4all.nl> writes:
> > On Sun, Dec 16, 2012 at 12:51:08PM -0500, Tom Lane wrote:
> >> Right, they can break into *this account*.
>
> > Not *just* this one, but any account on any service that uses this
> > same algorithm.
>
> That's easily fixed.  I'd be inclined to make the "password" hash be a
> hash of the actual password plus the user's name plus some
> web-site-specific random salt string.

That could work, provided the hashing algorithm is one of the stronger
varieties (e.g. bcrypt, scrypt, pbkdf2).  If it's a simple hash, you
still run the risk of having the password recovered through one of the
methods pointed out in my other post.

However, if the hash is going to be stored as-is in postgres and
immediately used as the password, the user will also need to put the
hash in their web scripts (assuming it's an interface to manage shared
hosting accounts), and *if* the postgres port can be accessed directly
for client programs they'll need to use this hash there as well.
This may or may not be desirable.

Cheers,
Peter
--
http://sjamaan.ath.cx
--
"The process of preparing programs for a digital computer
 is especially attractive, not only because it can be economically
 and scientifically rewarding, but also because it can be an aesthetic
 experience much like composing poetry or music."
                            -- Donald Knuth
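
The derivation discussed in this message, as an added example that is not part of the original thread: the password is stretched with PBKDF2, and the user name plus a site-specific salt form the salt, next to the "simple hash" variant for contrast. The function names, the sample salt and the iteration count are assumptions of this example.

```python
import hashlib

# Work factor for PBKDF2-HMAC-SHA256; an assumption of this example, tune to your hardware.
ITERATIONS = 600_000


def _field(data: bytes) -> bytes:
    """Length-prefix a field so adjacent fields cannot run into each other."""
    return len(data).to_bytes(4, "big") + data


def naive_hash(password: str, username: str, site_salt: bytes) -> str:
    """The 'simple hash' variant: one fast SHA-256 pass over a plain concatenation."""
    return hashlib.sha256((password + username).encode("utf-8") + site_salt).hexdigest()


def derive_db_password(password: str, username: str, site_salt: bytes,
                       iterations: int = ITERATIONS) -> str:
    """Stretch the password with PBKDF2; user name and site salt form the salt."""
    salt = _field(site_salt) + _field(username.encode("utf-8"))
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    # The hex string is what would be set as the PostgreSQL role's password, so it is
    # password-equivalent for this site and has to be protected like one.
    return key.hex()


if __name__ == "__main__":
    site_salt = b"constructed-site-salt"  # constructed; in practice random, generated once per site
    print(derive_db_password("correct horse", "alice", site_salt))
    print(derive_db_password("correct horse", "bob", site_salt))       # differs per user
    print(derive_db_password("correct horse", "alice", b"other-site"))  # differs per site
    # Plain concatenation is ambiguous: these two inputs hash identically.
    print(naive_hash("ab", "c", site_salt) == naive_hash("a", "bc", site_salt))
```

The derived string replaces the plaintext only on this one site; anyone who obtains it can still log in to the database account it was set on.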

