Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords - Mailing list pgsql-hackers

From Paul Tillotson
Subject Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
Date
Msg-id 42684AC0.5070900@shentel.net
Whole thread Raw
In response to Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords  (Stephen Frost <sfrost@snowman.net>)
List pgsql-hackers
Tom Lane wrote:

>Paul Tillotson <pntil@shentel.net> writes:
>  
>
>Hm?  Using md5 is certainly not any *more* dangerous than any of the
>other possible password-based methods.
>
>  
>
Maybe I misunderstood, but I thought that others were saying that, if 
someone gets the contents of  pg_shadow, then

- if you use only "password" in your pg_hba.conf, he has to break one of 
the hashes first in order to log in.
- but if you use "md5" in your pg_hba.conf, then he doesn't have to 
break the hashes at all.

Is this correct?

I guess I personally felt "betrayed" when I heard this since I (naively) 
assumed that the point of hashing passwords was to make it so that 
someone who is able to read your database is prevented from logging in 
and corrupting the data, installing root-kits, etc. 

Now I see that the point of md5 authenticate is to address an entirely 
different problem, namely, having the cleartext password being captured 
on the wire.

Regards,
Paul Tillotson



pgsql-hackers by date:

Previous
From: Stephen Frost
Date:
Subject: Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
Next
From: Paul Tillotson
Date:
Subject: Re: Proposal for background vacuum full/cluster