Re: Rejecting weak passwords - Mailing list pgsql-hackers

From Josh Berkus
Subject Re: Rejecting weak passwords
Msg-id 4AC13E48.1070009@agliodbs.com
In response to Re: Rejecting weak passwords  (marcin mank <marcin.mank@gmail.com>)
List pgsql-hackers
> It takes about 32 hours to brute force all passwords from [a-zA-Z0-9]
> of up to 8 chars in length.

That would be a reason to limit the number of failed connection attempts
from a single source, then, rather than a reason to change the hash
function.

Hmmm, that would be a useful, easy (I think) security feature: add a GUC
for failed_logins_allowed.

-- 
Josh Berkus
PostgreSQL Experts Inc.
www.pgexperts.com
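
Added example, not part of the original message or of PostgreSQL: a sketch of counting failed password attempts per source from the server log, which is the bookkeeping a per-source limit would need. It assumes `log_line_prefix = '%t [%p] %h '`; the `failed_logins_allowed` argument only borrows the GUC name proposed in the message, and the one-minute window and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumes log_line_prefix = '%t [%p] %h ' (timestamp, PID, remote host).
FAILED_AUTH = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ \[\d+\] (?P<host>\S+) '
    r'FATAL:\s+password authentication failed for user "[^"]*"'
)

def sources_over_limit(lines, failed_logins_allowed=3,
                       window=timedelta(minutes=1)):
    """Return {host: time at which the host first exceeded the limit}.

    A host is flagged once it has more than failed_logins_allowed
    password failures inside a sliding window of the given length.
    """
    recent = defaultdict(deque)  # host -> failure times still in the window
    flagged = {}
    for line in lines:
        m = FAILED_AUTH.match(line)
        if m is None:
            continue  # successful logins and unrelated messages
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        host = m["host"]
        failures = recent[host]
        failures.append(ts)
        while ts - failures[0] > window:  # expire old failures
            failures.popleft()
        if len(failures) > failed_logins_allowed:
            flagged.setdefault(host, ts)
    return flagged

# Constructed sample log; addresses are from documentation ranges.
SAMPLE_LOG = """\
2024-01-01 15:00:01 UTC [4121] 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-01-01 15:00:02 UTC [4122] 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-01-01 15:00:03 UTC [4123] 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-01-01 15:00:04 UTC [4124] 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-01-01 15:00:05 UTC [4125] 198.51.100.20 FATAL:  password authentication failed for user "app"
2024-01-01 15:00:09 UTC [4126] 198.51.100.20 LOG:  connection authorized: user=app database=app
2024-01-01 15:05:00 UTC [4130] 198.51.100.20 FATAL:  password authentication failed for user "app"
2024-01-01 15:05:10 UTC [4131] 198.51.100.20 FATAL:  password authentication failed for user "app"
2024-01-01 15:09:00 UTC [4140] 198.51.100.20 FATAL:  password authentication failed for user "app"
""".splitlines()

if __name__ == "__main__":
    for host, when in sources_over_limit(SAMPLE_LOG).items():
        print(f"{host}: limit exceeded at {when}")
```

The second host fails four times in total but never more than twice within a minute, so only the burst from the first host is flagged.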

