Re: Is md5 really more secure than crypt? - Mailing list pgsql-general

From Joe Conway
Subject Re: Is md5 really more secure than crypt?
Date
Msg-id 3D0CE29E.8070002@joeconway.com
Whole thread Raw
In response to Re: Is md5 really more secure than crypt?  (Bruce Momjian <pgman@candle.pha.pa.us>)
List pgsql-general
Tom Lane wrote:
>
> MD5 is not commutative in this sense, and it might be that any hash
> algorithm that is could not be cryptographically strong.  But we could
> look around and see what's out there...
>

I've never come across a commutative hash, but what you describe sounds
similar to the way asymmetric (i.e. public key) algorithms work. But
even with SSL, etc, the server certificate is normally encrypted on disk
to prevent compromise in the event someone gains local access. The
problem then becomes one of bootstrapping the system -- SSL web servers
with encrypted certificates need a warm body around when they boot to
type in the password used to encrypt the certificate.

My take is that if we're really concerned with the scenario described,
we'd need something similar. Have the dba type a password when the
postmaster is started, use that password to decrypt the stored encrypted
hashed users' passwords. Everything else stays pretty much as is. The
question remains as to whether it is really worth all the trouble,
especially since the server needs to be compromised in the first place
before the current behavior is a problem.

(Except, as I've mentioned before, security gurus would prefer we use
HMAC instead of a simple hash for authentication -- see:
     http://www-cse.ucsd.edu/users/mihir/papers/kmd5.pdf
     and
     http://www.faqs.org/rfcs/rfc2104.html
if you're curious. It basically involves using a hash like md5 or sha1
in a specific way. I've implemented this before and would be happy to
help if there is interest. I think there is even an HMAC function in
contrib/pgcrypto now.)

Joe


pgsql-general by date:

Previous
From: Jochem van Dieten
Date:
Subject: Re: Xeon, P4 or Athlon MP
Next
From: Tom Lane
Date:
Subject: Re: slow INSERTS :((