Re: [HACKERS] Re: Hashing passwords (was Updated TODO list) - Mailing list pgsql-hackers

From Mattias Kregert
Subject Re: [HACKERS] Re: Hashing passwords (was Updated TODO list)
Date
Msg-id 3789D26F.FE15EBD1@algonet.se
Whole thread Raw
In response to Re: [HACKERS] Re: Hashing passwords (was Updated TODO list)  (Louis Bertrand <louis@bertrandtech.on.ca>)
List pgsql-hackers
I found this at freshmeat.net:
------------------------------
Secure Remote Password (SRP) is a password-based authentication and  key exchange mechanism where no information about
thepassword is  leaked during the authentication process. It does not require any
 
public  key cryptography, yet even if one were to eavesdrop on the  authentication process, no information which would
aidin guessing
 
the  password can be obtained (in theory). There are some reworked Telnet  and FTP clients and servers available
already.
http://srp.stanford.edu/srp/

It stores encrypted passwords on the server (not simple XOR), sends
different
data over the wire every time, it's is impossible to listen on the wire
and
compute the password (even with the simplest passwords).

see http://srp.stanford.edu/srp/design.html

/* m */

Gene Sokolov wrote:
> 
> I completely agree with Louis. It's not just the hacker: there is no need
> for sysadmin to know passwords as well. I believe the security scheme where
> sysadmin or anyone has to take action in order *not* to see passwords is
> flawed.
> 
> I think the following solution would be satisfactory:
> Store SHA(password) XOR SHA(mastervalue [+] uid). In case it's difficult to
> alter the wire protocol, store password XOR SHA(mastervalue [+] uid). Either
> way no one can get useful info without knowing the master value. Even simple
> password XOR <mastervalue> would be helpful.
> 
> Gene Sokolov.
> 
> From: Louis Bertrand <louis@bertrandtech.on.ca>
> > Why should anyone be able to read cleartext passwords, or even need to?
> > People have a habit of reusing the same password for logins elsewhere.
> > Hash the password as it's entered and compare hashes. This way, even if
> > the password file (PostgreSQL's or the system's) is compromised, the
> > attacker gains no extra information.
> >
> > > > From: Bruce Momjian <maillist@candle.pha.pa.us>
> > > Yes, I remember now.  We keep them in clear, because we send random
> > > salt-encrypted versions over the wire.  Only Postgresql can read this
> > > table.


pgsql-hackers by date:

Previous
From: "John Ridout"
Date:
Subject: RE: [HACKERS] Updated TODO list
Next
From: Mattias Kregert
Date:
Subject: Re: [HACKERS] Re: Hashing passwords (was Updated TODO list)