Jeff Davis wrote:
On Mon, 2009-09-28 at 15:52 -0700, Josh Berkus wrote:
It takes about 32 hours to brute force all passwords from [a-zA-Z0-9]
of up to 8 chars in length.
That would be a reason to limit the number of failed connection attempts
from a single source, then, rather than a reason to change the hash
function.
That doesn't solve the problem of an administrator brute-forcing your password.
Indeed. These brute force checkers aren't checking them by actually
trying the connection.
cheers
andrew
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
