Re: [HACKERS] Hashing passwords (was Updated TODO list)
Peter Eisentraut <peter@pathwaynet.com>
From: Peter Eisentraut <peter@pathwaynet.com>
To: Louis Bertrand <louis@bertrandtech.on.ca>
Cc: Gene Sokolov <hook@aktrad.ru>, pgsql-hackers@postgresql.org
Date: 1999-07-12T13:34:55Z
Lists: pgsql-hackers
On Fri, 9 Jul 1999, Louis Bertrand wrote: > It would be nice if the password scheme you finally settle on can be > optionally replaced (compile-time) by the password hash available native > on the OS. In the case of OpenBSD, the Blowfish-based replacement for the > DES or MD5 based crypt(3) is better suited to resisting dictionary and > other offline attacks by fast processors. > > This suggestion is useful in case the shadow password file is compromised. > It is independent of any challenge-response protocol you apply upstream. Perhaps one could also allow the use of PAM where available. That would make things infinitely easier for administrators. -- Peter Eisentraut PathWay Computing, Inc.