Thread

  1. Re: [HACKERS] Re: Hashing passwords (was Updated TODO list)

    Mattias Kregert <matti@algonet.se> — 1999-07-12T11:50:49Z

    Another nice thing with SRP is that it is a mutual authentication. A
    third party cannot say "hey I'm the server, please connect to me. Sure,
    your password is correct, start sending queries... INSERT? ok, sure,
    INSERT 1 1782136. go on..." and steal a lot of data... the SRP client
    always knows if it is talking to the real thing. No more third party
    attacks...
    http://srp.stanford.edu/srp/others.html
    
    /* m */
    
    
    Gene Sokolov wrote:
    > 
    > I completely agree with Louis. It's not just the hacker: there is no need
    > for sysadmin to know passwords as well. I believe the security scheme where
    > sysadmin or anyone has to take action in order *not* to see passwords is
    > flawed.
    > 
    > I think the following solution would be satisfactory:
    > Store SHA(password) XOR SHA(mastervalue [+] uid). In case it's difficult to
    > alter the wire protocol, store password XOR SHA(mastervalue [+] uid). Either
    > way no one can get useful info without knowing the master value. Even simple
    > password XOR <mastervalue> would be helpful.
    > 
    > Gene Sokolov.
    > 
    > From: Louis Bertrand <louis@bertrandtech.on.ca>
    > > Why should anyone be able to read cleartext passwords, or even need to?
    > > People have a habit of reusing the same password for logins elsewhere.
    > > Hash the password as it's entered and compare hashes. This way, even if
    > > the password file (PostgreSQL's or the system's) is compromised, the
    > > attacker gains no extra information.
    > >
    > > > > From: Bruce Momjian <maillist@candle.pha.pa.us>
    > > > Yes, I remember now.  We keep them in clear, because we send random
    > > > salt-encrypted versions over the wire.  Only Postgresql can read this
    > > > table.
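The mutual authentication Mattias describes, worked through as an added example (this is not PostgreSQL's code nor the Stanford SRP code): a full SRP-6a run where the client proves knowledge of the password with M1 and the server proves possession of the stored verifier with M2, followed by the same run against a third party that has the public salt but never saw the verifier. The group is constructed at import time (a ~63-bit safe prime found by a deterministic Miller-Rabin search, with g = 2) purely so the example is self-contained; real deployments use the groups from RFC 5054. The hash encoding, user name and password are likewise constructed.

```python
import hashlib
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin with the first 12 prime bases; deterministic for n < 3.3e24."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def find_safe_prime(start):
    """Smallest safe prime N = 2q + 1 with q >= start and both q and N prime."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1

# Constructed demonstration group: a ~63-bit safe prime with g = 2 (order q or 2q).
# Real deployments use the 1024-bit and larger groups published in RFC 5054.
N = find_safe_prime(1 << 62)
g = 2

def H(*parts):
    """Hash the parts into an integer (constructed encoding: ':'-joined text)."""
    data = ":".join(str(p) for p in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

k = H(N, g)  # SRP-6a multiplier parameter

def register(username, password):
    """Enrolment: the server keeps (salt, v = g^x) and never stores the password."""
    salt = secrets.randbelow(1 << 64)
    x = H(salt, H(username, password))
    return salt, pow(g, x, N)

def srp_exchange(username, password, salt, v):
    """One SRP-6a run: client knows the password, server holds v.
    Returns (server_accepts_client, client_accepts_server); M2 needs the real v."""
    a = secrets.randbelow(N - 2) + 1             # client ephemeral secret
    A = pow(g, a, N)                             # Client -> Server: I, A
    while True:                                  # Server -> Client: salt, B
        b = secrets.randbelow(N - 2) + 1
        B = (k * v + pow(g, b, N)) % N
        if B != 0:                               # RFC 5054: reject B == 0 mod N
            break
    u = H(A, B)                                  # scrambler, same on both sides

    x = H(salt, H(username, password))           # client: from the password
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    K_client = H(S_client)

    S_server = pow(A * pow(v, u, N) % N, b, N)   # server: from v alone
    K_server = H(S_server)

    M1 = H(A, B, K_client)                       # Client -> Server: password proof
    server_accepts = H(A, B, K_server) == M1
    M2 = H(A, M1, K_server)                      # Server -> Client: verifier proof
    client_accepts = H(A, M1, K_client) == M2
    return server_accepts, client_accepts

def genuine_server_run(username="alice", password="correct horse"):
    """The real server answers with the verifier it stored at enrolment."""
    salt, v = register(username, password)
    return srp_exchange(username, password, salt, v)

def third_party_run(username="alice", password="correct horse"):
    """Someone posing as the server: knows the public salt, never saw v."""
    salt, v = register(username, password)
    guess = v
    while guess == v:                            # any value but the real verifier
        guess = pow(g, secrets.randbelow(N - 2) + 1, N)
    return srp_exchange(username, password, salt, guess)
```

`genuine_server_run()` returns `(True, True)`; `third_party_run()` returns `(False, False)`, because the impostor's session key differs from the client's, so the client rejects M2 before it ever "starts sending queries". Note that the client sends M1 first, as the protocol specifies; what the impostor learns from it is a keyed hash it cannot use without the verifier.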
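Gene's storage proposal from the quoted message, as an added example (not code from the thread or from PostgreSQL): SHA-256 stands in for the unspecified SHA, `[+]` is taken as concatenation with a separator, the 32-byte password limit for the second variant is a constructed convention, and the master value and uid in the usage note are constructed. The first variant can only be checked by a party holding the master value; the second is a reversible mask rather than a hash, so anyone holding the master value reads the password back, which is the exposure Louis raises in the quoted reply.

```python
import hashlib
import secrets

HASH_LEN = 32  # SHA-256 stands in for the proposal's "SHA" (assumption)

def mask(master, uid):
    """SHA(mastervalue [+] uid), read here as SHA-256 over master || '|' || uid."""
    return hashlib.sha256(master + b"|" + str(uid).encode()).digest()

def xor_bytes(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))

def store_hashed(password, master, uid):
    """Variant 1: SHA(password) XOR SHA(mastervalue [+] uid)."""
    return xor_bytes(hashlib.sha256(password).digest(), mask(master, uid))

def verify_hashed(stored, candidate, master, uid):
    """Re-derive the stored value for the candidate; only possible with the master value."""
    return secrets.compare_digest(stored, store_hashed(candidate, master, uid))

def store_plain(password, master, uid):
    """Variant 2: password XOR SHA(mastervalue [+] uid), password zero-padded to HASH_LEN."""
    if len(password) > HASH_LEN or b"\x00" in password:
        raise ValueError("password must be at most 32 NUL-free bytes (constructed limit)")
    return xor_bytes(password.ljust(HASH_LEN, b"\x00"), mask(master, uid))

def unmask_plain(stored, master, uid):
    """Variant 2 is a mask, not a hash: the master value turns it back into the password."""
    return xor_bytes(stored, mask(master, uid)).rstrip(b"\x00")
```

With a constructed master value `m = b"constructed-master-value"`, `verify_hashed(store_hashed(b"hunter2", m, 42), b"hunter2", m, 42)` is `True`, the same password under uid 43 yields a different stored value, and `unmask_plain(store_plain(b"hunter2", m, 42), m, 42)` returns `b"hunter2"` exactly.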