Home > mailing lists

Re: Re: Proposal for encrypting pg_shadow passwords - Mailing list pgsql-patches

From	Tom Lane
Subject	Re: Re: Proposal for encrypting pg_shadow passwords
Date	August 16, 2001 13:39:39
Msg-id	9540.997970637@sss.pgh.pa.us Whole thread Raw
In response to	Re: Re: Proposal for encrypting pg_shadow passwords (Bruce Momjian <pgman@candle.pha.pa.us>)
Responses	Re: Re: Proposal for encrypting pg_shadow passwords
List	pgsql-patches

Tree view

Bruce Momjian <pgman@candle.pha.pa.us> writes:
> Just a reminder.  What I think it insecure is the size of our salt.
> With only 3300 possible salts, it doesn't take long to playback a
> duplicate.  That is true of MD5 and crypt.

But aren't we increasing the size of the salt keyspace for MD5?
It'd surely be a major oversight not to.

            regards, tom lane

pgsql-patches by date:

From: Bruce Momjian
Date: 16 August 2001, 13:34:01
Subject: Re: Re: Proposal for encrypting pg_shadow passwords

From: Tom Lane
Date: 16 August 2001, 13:45:24
Subject: Re: Re: Proposal for encrypting pg_shadow passwords

Re: Re: Proposal for encrypting pg_shadow passwords - Mailing list pgsql-patches

Previous

Next