Re: You're on SecurityFocus.com for the cleartext passwords. - Mailing list pgsql-hackers

From Vince Vielhaber
Subject Re: You're on SecurityFocus.com for the cleartext passwords.
Date
Msg-id Pine.BSF.4.21.0005061433430.13987-100000@paprika.michvhf.com
In response to Re: You're on SecurityFocus.com for the cleartext passwords.  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: You're on SecurityFocus.com for the cleartext passwords.  (Benjamin Adida <ben@mit.edu>)
Re: You're on SecurityFocus.com for the cleartext passwords.  (Bruce Momjian <pgman@candle.pha.pa.us>)
List pgsql-hackers
On Sat, 6 May 2000, Tom Lane wrote:

> Benjamin Adida <ben@mit.edu> writes:
> >> It doesn't sound like MD5 changes this at all.
> 
> > The MD5 definitely doesn't change anything except overall security strength
> > of the algorithm.
> 
> OK, understood.  So it seems that switching to MD5 would offer (a) more
> portability to platforms without crypt(3), and (b) better security,
> at the costs of (a) implementation effort and (b) cross-version
> compatibility problems.  We probably ought to keep that discussion
> separate from the one about how the challenge protocol works.

I agree.

> > The additional random salt prevents someone from sniffing
> > the communication between client and server and then simply log in by
> > sending the known hash of the password. The challenge-response means that
> > sniffing one login doesn't allow you to fake the next one.
> 
> How so?  The server sends out one fixed salt (the one stored for that
> user's password in pg_shadow) and one randomly-chosen salt.  The client
> sends back two crypted passwords.  The server can check one of them.
> What can it do with the other?  Nothing that I can see, so where is the
> security gain?  A sniffer can still get in by sending back the same
> pair of crypted passwords next time, no matter what random salt is
> presented.

Off hand here is the only way I can see that this can work.

1) client gets password from user and md5's it.
2) upon connecting, the client receives a random salt from the server.
3) the client md5's the already md5'd password with this new salt.
4) the client sends the resulting hash to the server.
5) the server takes the md5'd password from pg_shadow and md5's it with the same random salt it sent to the client.
6) if it matches, the server sends yet another salt to the client.
7) repeat steps 3, 4 and 5.
8) if it matches, the client's in.

Why should this work?  Because the next time the client tries to connect
it will be given a different salt.   But why twice?  It seems that once
would be enough since it's a random salt to begin with and the client
should never be getting that salt twice.

Vince.
-- 
==========================================================================
Vince Vielhaber -- KA8CSH    email: vev@michvhf.com    http://www.pop4.net
128K ISDN from $22.00/mo - 56K Dialup from $16.00/mo at Pop4 Networking
Online Campground Directory    http://www.camping-usa.com
Online Giftshop Superstore    http://www.cloudninegifts.com
==========================================================================
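
The single-round exchange from steps 1 to 5 above, as an added example that is not part of the original post or of PostgreSQL's code. It shows that a response captured from one login fails against the next random salt, while the fixed-salt scheme from the quoted objection accepts the same value again. The names `Server`, `respond`, `fixed_salt_verify` and `demo`, the 8-byte salt, the hash-then-salt concatenation order and the use of MD5 in place of crypt(3) for the fixed-salt case are all assumptions.

```python
import hashlib, hmac, os

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def respond(pw_hash: str, salt: bytes) -> str:
    """Steps 3-4: client hashes the already-md5'd password with the server's salt."""
    return md5_hex(pw_hash.encode() + salt)   # concatenation order is an assumption

class Server:
    def __init__(self, pg_shadow: dict):
        self.pg_shadow = pg_shadow            # user -> md5'd password (step 5)
        self.pending = {}                     # user -> outstanding one-time salt

    def challenge(self, user: str) -> bytes:
        salt = os.urandom(8)                  # step 2; 8 bytes is an assumed size
        self.pending[user] = salt
        return salt

    def verify(self, user: str, response: str) -> bool:
        salt = self.pending.pop(user, None)   # each salt is valid for one attempt
        if salt is None or user not in self.pg_shadow:
            return False
        expected = respond(self.pg_shadow[user], salt)
        return hmac.compare_digest(expected, response)

def fixed_salt_verify(stored: str, response: str) -> bool:
    """Scheme from the quoted objection: only the fixed-salt value can be checked."""
    return hmac.compare_digest(stored, response)

def demo() -> dict:
    pw_hash = md5_hex(b"constructed-password")   # step 1, constructed sample
    server = Server({"alice": pw_hash})

    salt1 = server.challenge("alice")
    sniffed = respond(pw_hash, salt1)            # the value visible on the wire
    first_login = server.verify("alice", sniffed)

    server.challenge("alice")                    # next connection, new salt
    replay = server.verify("alice", sniffed)     # same captured value sent again

    fixed = b"ab"                                # constructed fixed salt
    stored = respond(pw_hash, fixed)             # MD5 stands in for crypt(3) here
    fixed_replay = fixed_salt_verify(stored, respond(pw_hash, fixed))
    return {"first_login": first_login, "replay": replay,
            "fixed_salt_replay": fixed_replay}

if __name__ == "__main__":
    print(demo())
```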
