Home > mailing lists

Re: [HACKERS] Hashing passwords (was Updated TODO list) - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	Re: [HACKERS] Hashing passwords (was Updated TODO list)
Date	July 12, 1999 12:35:00
Msg-id	Pine.LNX.4.10.9907120933190.4521-100000@saxony.pathwaynet.com Whole thread Raw
In response to	Re: [HACKERS] Hashing passwords (was Updated TODO list) (Louis Bertrand <louis@bertrandtech.on.ca>)
List	pgsql-hackers

Tree view

On Fri, 9 Jul 1999, Louis Bertrand wrote:

> It would be nice if the password scheme you finally settle on can be
> optionally replaced (compile-time) by the password hash available native
> on the OS. In the case of OpenBSD, the Blowfish-based replacement for the
> DES or MD5 based crypt(3) is better suited to resisting dictionary and
> other offline attacks by fast processors.
> 
> This suggestion is useful in case the shadow password file is compromised.
> It is independent of any challenge-response protocol you apply upstream.

Perhaps one could also allow the use of PAM where available. That would
make things infinitely easier for administrators.

-- 
Peter Eisentraut
PathWay Computing, Inc.

pgsql-hackers by date:

From: "Gene Sokolov"
Date: 12 July 1999, 12:33:40
Subject: Re: [HACKERS] Re: Hashing passwords (was Updated TODO list)

From: Maarten Boekhold
Date: 12 July 1999, 12:37:21
Subject: Re: [HACKERS] Fwd: Joins and links

Re: [HACKERS] Hashing passwords (was Updated TODO list) - Mailing list pgsql-hackers

Previous

Next