Re: [HACKERS] Re: Hashing passwords (was Updated TODO list)
Gene Sokolov <hook@aktrad.ru>
From: "Gene Sokolov" <hook@aktrad.ru>
To: "Louis Bertrand" <louis@bertrandtech.on.ca>, "Bruce Momjian" <maillist@candle.pha.pa.us>
Cc: <pgsql-hackers@postgreSQL.org>
Date: 1999-07-12T06:37:47Z
Lists: pgsql-hackers
I completely agree with Louis. It's not just the hacker: there is no need for sysadmin to know passwords as well. I believe the security scheme where sysadmin or anyone has to take action in order *not* to see passwords is flawed. I think the following solution would be satisfactory: Store SHA(password) XOR SHA(mastervalue [+] uid). In case it's difficult to alter the wire protocol, store password XOR SHA(mastervalue [+] uid). Either way no one can get useful info without knowing the master value. Even simple password XOR <mastervalue> would be helpful. Gene Sokolov. From: Louis Bertrand <louis@bertrandtech.on.ca> > Why should anyone be able to read cleartext passwords, or even need to? > People have a habit of reusing the same password for logins elsewhere. > Hash the password as it's entered and compare hashes. This way, even if > the password file (PostgreSQL's or the system's) is compromised, the > attacker gains no extra information. > > > > From: Bruce Momjian <maillist@candle.pha.pa.us> > > Yes, I remember now. We keep them in clear, because we send random > > salt-encrypted versions over the wire. Only Postgresql can read this > > table.