I found this at freshmeat.net:
------------------------------
Secure Remote Password (SRP) is a password-based authentication and key exchange mechanism where no information about
thepassword is leaked during the authentication process. It does not require any
public key cryptography, yet even if one were to eavesdrop on the authentication process, no information which would
aidin guessing
the password can be obtained (in theory). There are some reworked Telnet and FTP clients and servers available
already.
http://srp.stanford.edu/srp/
It stores encrypted passwords on the server (not simple XOR), sends
different
data over the wire every time, it's is impossible to listen on the wire
and
compute the password (even with the simplest passwords).
see http://srp.stanford.edu/srp/design.html
/* m */
Gene Sokolov wrote:
>
> I completely agree with Louis. It's not just the hacker: there is no need
> for sysadmin to know passwords as well. I believe the security scheme where
> sysadmin or anyone has to take action in order *not* to see passwords is
> flawed.
>
> I think the following solution would be satisfactory:
> Store SHA(password) XOR SHA(mastervalue [+] uid). In case it's difficult to
> alter the wire protocol, store password XOR SHA(mastervalue [+] uid). Either
> way no one can get useful info without knowing the master value. Even simple
> password XOR <mastervalue> would be helpful.
>
> Gene Sokolov.
>
> From: Louis Bertrand <louis@bertrandtech.on.ca>
> > Why should anyone be able to read cleartext passwords, or even need to?
> > People have a habit of reusing the same password for logins elsewhere.
> > Hash the password as it's entered and compare hashes. This way, even if
> > the password file (PostgreSQL's or the system's) is compromised, the
> > attacker gains no extra information.
> >
> > > > From: Bruce Momjian <maillist@candle.pha.pa.us>
> > > Yes, I remember now. We keep them in clear, because we send random
> > > salt-encrypted versions over the wire. Only Postgresql can read this
> > > table.
