* Eliot Simcoe ([EMAIL PROTECTED]) wrote: > On Apr 21, 2005, at 8:59 PM, Stephen Frost wrote: > >The intention of the 'md5' method in pg_hba.conf is to avoid having > >the > >password go over the network in the clear, yes. Unfortunately, this > >pretty much requires that the database have something which is > >password-equivilant stored on disk. > > Wouldn't it be possible for postgres to rehash the md5 checksum of the > password before storing it in pg_shadow? This seems preferable if not > optimal. > Does anyone know why this is not being done?
Well, let's consider what's happening with that:
server- user added 'with encrypted password'
server- generate random salt
server- perform md5(md5(password+username)+salt) into hash
server- store hash and salt in pg_shadow
client- contact server
server- randomly generate challenge
server- send challenge to client
client- perform md5(md5(password+username)+challenge) into response
client- send response to server
server- retrive hash and salt from pg_shadow
server- perform md5(hash+salt) into expected
server- compare response from client to expected
server- nope, they don't match...
Whoops, that doesn't work, trying to compare:
md5(md5(password+username)+challenge) to
md5(md5(password+username)+salt)
Challenge and salt aren't the same, nor should they be (if they were
then they'd have to be constant and you would have to send it over the
wire).
If I missed something in this, please let me know.
Stephen
signature.asc
Description: Digital signature
