Tom Lane wrote:
It's worth pointing out also that adding a per-user-entry random salt to the password protocol is not some kind of penalty-free magic bullet. In particular it implies information leakage: I can tell from the password challenge (or lack of one) whether the username I have offered is valid. So rather than claiming "this is unconditionally a good thing to do", you must actually provide a credible scenario that makes the threat you are defending against more dangerous than the sorts of new threats we'll be exposed to. So far I haven't seen a very credible threat here.
Ok, this made me think a bit. It's a valid point. I started off just thinking that you would send along the stored salt with the random session salt in something like the current AuthenticationMD5Password message, and if the user didn't exist send something faked out. But you would still get the information leak unless the faked out part could be consistent (inconsistency would imply an invalid user id), so it couldn't just be something random - you'd either have to make it algorithmic, which would kinda defeat the purpose, or keep a dictionary ... and we're back in much the same place we came in.
cheers
andrew
---------------------------(end of broadcast)--------------------------- TIP 8: explain analyze is your friend