On Wed, Apr 20, 2005 at 06:03:18PM -0400, Tom Lane wrote: > Well, I have no particular problem with offering SHA1 as an alternative > hash method for those who find MD5 too weak ... but I still question the > value of putting any random salt in the table. AFAICS you would have to > send that salt as part of the initial password challenge, which means > any potential attacker could find it out even before trying to > compromise pg_shadow; so Stephen's argument that there is a useful > improvement in protection against precomputation of password hashes > still falls down. > > BTW, one could also ask exactly what threat model Stephen is concerned > about. ISTM anyone who can obtain the contents of pg_shadow has > *already* broken your database security. FWIW, I do think there's some benefit to not being able to pre-compute an entire hash table for accounts such as 'postgres' and 'www'. But I agree it would be useful to know the actual threat model. -- Jim C. Nasby, Database Consultant decibel@xxxxxxxxxxx Give your computer some brain candy! www.distributed.net Team #1828 Windows: "Where do you want to go today?" Linux: "Where do you want to go tomorrow?" FreeBSD: "Are you guys coming, or what?"
