Thread: does md5 really help against sniffing?

does md5 really help against sniffing?

From

jens.timmerman@gmail.com

Date:

25 August 2016, 23:42:16

The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/9.1/static/auth-methods.html
Description:

this page claims
'If you are at all concerned about password "sniffing" attacks then md5 is
preferred. '
but how does this really help? If an md5 hash is enough to get access, then
sniffing an md5has is actually the same as sniffing the password?'

Re: does md5 really help against sniffing?

From

Bruce Momjian

Date:

26 August 2016, 01:41:49

On Thu, Aug 25, 2016 at 03:35:17PM +0000, jens.timmerman@gmail.com wrote:
> The following documentation comment has been logged on the website:
>
> Page: https://www.postgresql.org/docs/9.1/static/auth-methods.html
> Description:
>
> this page claims
> 'If you are at all concerned about password "sniffing" attacks then md5 is
> preferred. '
> but how does this really help? If an md5 hash is enough to get access, then
> sniffing an md5has is actually the same as sniffing the password?'

There is random salt added to the network md5 hash.  Please read the
docs on this.

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+                     Ancient Roman grave inscription +