Thread: Re: Re: Proposal for encrypting pg_shadow passwords
> Bruce Momjian <pgman@candle.pha.pa.us> writes: > > OK, patch attached. Pretty nifty. Try MD5 first, and if it fails, try > > crypt. > > What??? > > Where did *that* idea come from? If I'm using the new auth method > because I don't think the old one is secure, I sure as heck don't want > an old (or deliberately-broken) client to cause a fallback to a less > secure method. Just a reminder. What I think it insecure is the size of our salt. With only 3300 possible salts, it doesn't take long to playback a duplicate. That is true of MD5 and crypt. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026
Bruce Momjian <pgman@candle.pha.pa.us> writes:
> Just a reminder. What I think it insecure is the size of our salt.
> With only 3300 possible salts, it doesn't take long to playback a
> duplicate. That is true of MD5 and crypt.
But aren't we increasing the size of the salt keyspace for MD5?
It'd surely be a major oversight not to.
regards, tom lane
> Bruce Momjian <pgman@candle.pha.pa.us> writes: > > Just a reminder. What I think it insecure is the size of our salt. > > With only 3300 possible salts, it doesn't take long to playback a > > duplicate. That is true of MD5 and crypt. > > But aren't we increasing the size of the salt keyspace for MD5? > It'd surely be a major oversight not to. We aren't. I can do that, but have not discussed it yet. If we do it is clearly a protocol change. How will old clients handle longer salt, and how do I know if they are older if I don't bump up the protocol version number? -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026