Home > mailing lists

Re: does md5 really help against sniffing? - Mailing list pgsql-docs

From	Bruce Momjian
Subject	Re: does md5 really help against sniffing?
Date	August 26, 2016 01:41:49
Msg-id	20160825224143.GA26412@momjian.us Whole thread Raw
In response to	does md5 really help against sniffing? (jens.timmerman@gmail.com)
List	pgsql-docs

Tree view

On Thu, Aug 25, 2016 at 03:35:17PM +0000, jens.timmerman@gmail.com wrote:
> The following documentation comment has been logged on the website:
>
> Page: https://www.postgresql.org/docs/9.1/static/auth-methods.html
> Description:
>
> this page claims
> 'If you are at all concerned about password "sniffing" attacks then md5 is
> preferred. '
> but how does this really help? If an md5 hash is enough to get access, then
> sniffing an md5has is actually the same as sniffing the password?'

There is random salt added to the network md5 hash.  Please read the
docs on this.

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+                     Ancient Roman grave inscription +

pgsql-docs by date:

From: otter117@yahoo.de
Date: 25 August 2016, 23:42:28
Subject: undocumented feature or bug in subquery : psql (PostgreSQL) 9.4.6 on SLES12 SP1

From: Tom Lane
Date: 26 August 2016, 16:07:21
Subject: Re: undocumented feature or bug in subquery : psql (PostgreSQL) 9.4.6 on SLES12 SP1

Re: does md5 really help against sniffing? - Mailing list pgsql-docs

Previous

Next