Re: [HACKERS] Re: Hashing passwords (was Updated TODO list)

Gene Sokolov <hook@aktrad.ru>

From: "Gene Sokolov" <hook@aktrad.ru>
To: "Louis Bertrand" <louis@bertrandtech.on.ca>, "Bruce Momjian" <maillist@candle.pha.pa.us>
Cc: <pgsql-hackers@postgreSQL.org>
Date: 1999-07-12T06:37:47Z
Lists: pgsql-hackers
I completely agree with Louis. It's not just the hacker: there is no need
for sysadmin to know passwords as well. I believe the security scheme where
sysadmin or anyone has to take action in order *not* to see passwords is
flawed.

I think the following solution would be satisfactory:
Store SHA(password) XOR SHA(mastervalue [+] uid). In case it's difficult to
alter the wire protocol, store password XOR SHA(mastervalue [+] uid). Either
way no one can get useful info without knowing the master value. Even simple
password XOR <mastervalue> would be helpful.

Gene Sokolov.

From: Louis Bertrand <louis@bertrandtech.on.ca>
> Why should anyone be able to read cleartext passwords, or even need to?
> People have a habit of reusing the same password for logins elsewhere.
> Hash the password as it's entered and compare hashes. This way, even if
> the password file (PostgreSQL's or the system's) is compromised, the
> attacker gains no extra information.
>
> > > From: Bruce Momjian <maillist@candle.pha.pa.us>
> > Yes, I remember now.  We keep them in clear, because we send random
> > salt-encrypted versions over the wire.  Only Postgresql can read this
> > table.