Bruce Momjian wrote:
>
> >
> > So we're in agreement on using MD5. Sverre, is the offer still open
> > for the java MD5 you wrote? I'll translate it to C and make sure it
> > will compile/run/give-correct-results on as many platforms as possible
> > including DOS/Windows, hpux, FreeBSD and IRIX.
>
> Yes, MD5, double-crypt with pg_shadow salt and random salt. Sounds like
> a winner all around.
why pg_shadow salt ? for md5 we will need to store it separately anyway.
why not MD5(<server-supplied-random-salt> || MD5(<username> ||
<password>))
that way we would overcome the original need for salt (accidental
discovery
of similar passwords) and would have no need for storing the salt.
actually we would probably need some kind of separator as well to avoid
the scenario of <user>+<password> and <userpa>+<ssword> being the same
and thus having the same md5 hash. so the escheme could be
MD5(<server-supplied-random-salt> || '\n' || MD5(<username> || '\n' ||
<password>))
AFAIK there is no easy way to have a newline inside password.
> And finally, we need a trigger to somehow update non-md5 strings in the
> pg_shadow password field. No one is sure how to do that yet.
see my separate mail which I was unable to send yesterday as my phone
line went down ;(
--------------
Hannu
