Re: Encrypting pg_shadow passwords - Mailing list pgsql-hackers

From fche@redhat.com (Frank Ch. Eigler)
Subject Re: Encrypting pg_shadow passwords
Msg-id o5lmmegh3j.fsf@toenail.toronto.redhat.com
In response to Re: Re: Encrypting pg_shadow passwords  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Re: Encrypting pg_shadow passwords  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
pgman wrote:

: OK, I get you now.  Why not ask the client to do a crypt and compare
: that to pg_shadow.  [...]

You can't trust the client to do the one-way encryption, for then the
encrypted password becomes plaintext-equivalent - it defeats the
purpose.  (The SMB protocol apparently suffers or suffered from a
similar flaw.)


tgl wrote:

: What this discussion seems to come down to is whether we should take a
: backward step in one area of security (security against wire-sniffing)
: to take a forward step in another (not storing plaintext passwords).
: [...]

It seems to me that the two issues are orthogonal.  Authentication and
confidentiality are not mutually dependent or reinforcing, and thus
generally need separate mechanisms.


- FChE
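As an added illustration of the two points above (this is not code from the thread or from PostgreSQL), a toy Python model of three password-check designs; the scheme names and the functions `enroll`, `client_message`, `verify` and `exposure` are constructed, and SHA-256 stands in for whatever one-way function a real system would use. It shows that a stored verifier the client itself can compute is plaintext-equivalent no matter who holds it, and that resistance to wire replay and protection of the verifier store vary independently across designs, as the reply argues.

```python
import hashlib
import hmac
import os

# Toy model of three password-check designs showing which secret each one
# protects. Added illustration, not PostgreSQL code; all names are constructed.
SCHEMES = ("server_hash", "client_hash", "challenge_response")

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def enroll(scheme: str, password: bytes, salt: bytes) -> bytes:
    """The stored verifier (the pg_shadow role). Only server_hash salts it."""
    return h(salt + password) if scheme == "server_hash" else h(password)

def client_message(scheme: str, password: bytes, nonce: bytes) -> bytes:
    """What an honest client puts on the wire."""
    if scheme == "server_hash":
        return password                  # plaintext; relies on link secrecy
    if scheme == "client_hash":
        return h(password)               # one-way function done client-side
    return h(nonce + h(password))        # response bound to this nonce only

def verify(scheme: str, stored: bytes, salt: bytes, nonce: bytes, msg: bytes) -> bool:
    """The server's check of a login message against the stored verifier."""
    if scheme == "server_hash":
        return hmac.compare_digest(h(salt + msg), stored)
    if scheme == "client_hash":
        return hmac.compare_digest(msg, stored)
    return hmac.compare_digest(msg, h(nonce + stored))

def exposure(scheme: str) -> dict:
    """Which of the two threats discussed in the thread the scheme leaves open."""
    pw, salt = b"correct horse", os.urandom(8)   # constructed sample values
    stored = enroll(scheme, pw, salt)
    # Threat 1, wire sniffing: capture one honest login and replay it under a
    # fresh nonce. Plain and client-hashed messages replay; a nonce-bound
    # response does not.
    captured = client_message(scheme, pw, os.urandom(8))
    replay_works = verify(scheme, stored, salt, os.urandom(8), captured)
    # Threat 2, verifier theft: hold `stored` but never learn pw. Where the
    # stored value is h(pw), it is exactly what the client would compute, so
    # it is plaintext-equivalent; a salted server-side hash is not.
    nonce = os.urandom(8)
    forged = stored if scheme != "challenge_response" else h(nonce + stored)
    return {"replay_works": replay_works,
            "stored_value_suffices": verify(scheme, stored, salt, nonce, forged)}
```

Running `exposure` over `SCHEMES` shows only the server-side salted hash keeping the store safe, and only the challenge-response design resisting replay, so neither property implies the other.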

