Re: [pgadmin-hackers] Client-side password encryption - Mailing list pgsql-hackers

From Andrew Dunstan
Subject Re: [pgadmin-hackers] Client-side password encryption
Date
Msg-id 43AC22DF.80108@dunslane.net
In response to Re: [pgadmin-hackers] Client-side password encryption  (Stephen Frost <sfrost@snowman.net>)
List pgsql-hackers

Stephen Frost wrote:

>Is it actually doing challenge-response where the challenge is different
>each time?  
>


The docs say:

AuthenticationMD5Password
   The frontend must now send a PasswordMessage containing the password
   encrypted via MD5, using the 4-character salt specified in the
   AuthenticationMD5Password message. If this is the correct password,
   the server responds with an AuthenticationOk, otherwise it responds
   with an ErrorResponse.

A little investigation reveals that this is port->md5salt which is 4 
random bytes set up fresh per connection (see src/backend/libpq/auth.c 
and src/backend/postmaster/postmaster.c). So it seems indeed to be a 
true (small) one time challenge token, unless I've missed something.

cheers

andrew
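As an added illustration (not part of the thread), the following shows the client-side and server-side halves of the AuthenticationMD5Password exchange the docs describe: the response is md5(md5(password || username) || salt), prefixed with "md5", which is the scheme libpq and the server actually use. Usernames, passwords, salts and the function names are constructed for the example.

```python
import hashlib
import hmac
import os


def pg_md5_stored_hash(password: str, user: str) -> str:
    """What the server keeps for the role: "md5" + hex(md5(password || username))."""
    return "md5" + hashlib.md5(password.encode() + user.encode()).hexdigest()


def pg_md5_response(password: str, user: str, salt: bytes) -> str:
    """Client side: the PasswordMessage body answering an AuthenticationMD5Password
    message. Only the 32-hex-char inner digest is salted, then prefixed with "md5"."""
    if len(salt) != 4:
        raise ValueError("AuthenticationMD5Password carries exactly 4 salt bytes")
    inner = hashlib.md5(password.encode() + user.encode()).hexdigest()
    return "md5" + hashlib.md5(inner.encode() + salt).hexdigest()


def pg_md5_verify(stored_hash: str, salt: bytes, response: str) -> bool:
    """Server side: recompute from the stored hash and the salt issued for this
    connection. The plaintext password is never needed here."""
    expected = "md5" + hashlib.md5(stored_hash[3:].encode() + salt).hexdigest()
    return hmac.compare_digest(expected, response)


def new_connection_salt() -> bytes:
    """Mirrors port->md5salt: 4 fresh random bytes per connection."""
    return os.urandom(4)


if __name__ == "__main__":
    user, password = "alice", "correct horse"      # constructed sample role
    stored = pg_md5_stored_hash(password, user)
    salt_a, salt_b = b"\x01\x02\x03\x04", b"\xaa\xbb\xcc\xdd"  # two constructed challenges
    resp_a = pg_md5_response(password, user, salt_a)
    print("accepted under its own salt:  ", pg_md5_verify(stored, salt_a, resp_a))
    # A response captured for one connection is useless for another: different challenge.
    print("replayed under a different salt:", pg_md5_verify(stored, salt_b, resp_a))
```

Because verification needs only the stored hash, the contents of pg_authid deserve the same protection as the passwords themselves.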

