Home > mailing lists

Re: PostgreSQL cleartext passwords - Mailing list pgsql-general

From	Lincoln Yeoh
Subject	Re: PostgreSQL cleartext passwords
Date	May 24, 2000 01:07:57
Msg-id	3.0.5.32.20000524100708.008a36e0@pop.mecomb.po.my Whole thread Raw
In response to	Re: PostgreSQL cleartext passwords (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: PostgreSQL cleartext passwords (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-general

Tree view

At 09:59 PM 18-05-2000 -0400, Tom Lane wrote:
>Lincoln Yeoh <lylyeoh@mecomb.com> writes:
>> At 05:38 PM 18-05-2000 -0400, Tom Lane wrote:
>
>> But if someone sniffs the crypted form, won't they be able to reuse it?
>
>Not unless they're lucky enough to be challenged with the same random
>"salt" value that was used in the login transaction they sniffed.

Well then it's a max of 4096 tries? Assuming a normal crypt size salt.

Of course a dictionary crack might be easy enough and definitely less
obstrusive than <salt-permutation> tries.

Does 7.0 log authentication failures on a different level?

Cheerio,

Link.

pgsql-general by date:

From: Lincoln Yeoh
Date: 24 May 2000, 00:41:00
Subject: Re: initdb and "exit_nicely"...

From: Lamar Owen
Date: 24 May 2000, 02:28:57
Subject: Re: initdb and "exit_nicely"...

Re: PostgreSQL cleartext passwords - Mailing list pgsql-general

Previous

Next