* Eliot Simcoe ([EMAIL PROTECTED]) wrote: > On Apr 21, 2005, at 8:59 PM, Stephen Frost wrote: > >The intention of the 'md5' method in pg_hba.conf is to avoid having > >the > >password go over the network in the clear, yes. Unfortunately, this > >pretty much requires that the database have something which is > >password-equivilant stored on disk. > > Wouldn't it be possible for postgres to rehash the md5 checksum of the > password before storing it in pg_shadow? This seems preferable if not > optimal. > Does anyone know why this is not being done?
Well, let's consider what's happening with that: server- user added 'with encrypted password' server- generate random salt server- perform md5(md5(password+username)+salt) into hash server- store hash and salt in pg_shadow client- contact server server- randomly generate challenge server- send challenge to client client- perform md5(md5(password+username)+challenge) into response client- send response to server server- retrive hash and salt from pg_shadow server- perform md5(hash+salt) into expected server- compare response from client to expected server- nope, they don't match... Whoops, that doesn't work, trying to compare: md5(md5(password+username)+challenge) to md5(md5(password+username)+salt) Challenge and salt aren't the same, nor should they be (if they were then they'd have to be constant and you would have to send it over the wire). If I missed something in this, please let me know. Stephen
signature.asc
Description: Digital signature