On Sun, Dec 16, 2012 at 12:51:08PM -0500, Tom Lane wrote:
> Peter Bex <Peter.Bex@xxxxxxxxx> writes:
> > If they do break in and are able to retrieve the password hash, they
> > can still break in with that hash.
>
> Right, they can break into *this account*.

Not *just* this one, but any account on any service that uses this same
algorithm. Even if this is a completely custom algorithm that no other
service is going to use, there's still the risk that when one of his
servers is cracked, if a customer has multiple accounts they are all
compromised even if they are on servers that weren't compromised.
(Of course, assuming they use the same password - but that's a reality
we'll have to face, hence his original request.)

Finally, if it's a naive implementation of calculating a single hash run,
the password can be easily retrieved, either by brute force (with e.g.
Hashcat or John the Ripper) or even common search engines. See for
example http://tools.benramsey.com/md5/

> But Murray is worrying about the all-too-common case where a user
> has used the same or similar password for multiple sites. I think
> his goal of not having the original password stored anywhere is laudable.

Absolutely, I completely agree. I wasn't trying to put down this important
goal. There have been too many incidents of hacked password databases.
This has to end. That's why I'm so keen on trying to warn against doing
it in the way he originally proposed.

> Perhaps I'm missing the context here, but it seems unlikely that the
> users have any direct access to the database. If they can only get to
> it through the website, then what about the idea of hashing the original
> text, and then using that hashed string as the database password?

See above; the password can be easily retrieved.

> IOW I don't see why this must be implemented inside libpq rather than
> in the website logic.

I'm not sure this is necessary either.
Cheers,
Peter
--
http://sjamaan.ath.cx

"The process of preparing programs for a digital computer is especially
attractive, not only because it can be economically and scientifically
rewarding, but also because it can be an aesthetic experience much like
composing poetry or music."
	-- Donald Knuth
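The two risks raised in this message, that a single unsalted hash run is reversible by lookup and that the same algorithm yields the same credential on every site, shown as an added example that is not part of the original thread. The site names, the wordlist and the fixed salts are constructed assumptions; the contrast scheme (salted, iterated PBKDF2) is one defensive alternative, not something the thread prescribes.

```python
import hashlib
from typing import Callable, Optional

# Constructed wordlist standing in for the dictionaries that cracking tools
# and "md5 reverse lookup" sites draw on.
WORDLIST = ["password", "letmein", "hunter2", "qwerty", "welcome1"]


def naive_derive(password: str) -> str:
    """The scheme warned against: a single unsalted MD5 run."""
    return hashlib.md5(password.encode()).hexdigest()


def kdf_derive(password: str, site: str, salt: bytes, rounds: int = 100_000) -> str:
    """Salted, iterated derivation (PBKDF2-HMAC-SHA256). The site label plus a
    per-user random salt make the output differ per site even when the user
    reuses the password; the round count makes each guess expensive."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               site.encode() + salt, rounds).hex()


def precomputed_lookup(target: str, derive: Callable[[str], str]) -> Optional[str]:
    """Model of a precomputed table: hash the wordlist once under `derive`,
    then reverse any target by lookup. This is why an unsalted single hash
    is recoverable with a search engine query."""
    table = {derive(w): w for w in WORDLIST}
    return table.get(target)


def demo() -> dict:
    pw = "hunter2"                  # constructed reused password
    user_salt = b"\x11" * 16        # constructed; use os.urandom(16) in practice
    attacker_salt = b"\x22" * 16    # table built before the real salt leaked
    naive_a, naive_b = naive_derive(pw), naive_derive(pw)
    kdf_a = kdf_derive(pw, "site-a.example", user_salt)
    kdf_b = kdf_derive(pw, "site-b.example", user_salt)
    return {
        # same password + same algorithm => identical credential on every site
        "naive_same_across_sites": naive_a == naive_b,
        "naive_recovered": precomputed_lookup(naive_a, naive_derive),
        "kdf_same_across_sites": kdf_a == kdf_b,
        # a table built without this user's salt cannot reverse the KDF output;
        # an attacker who learns the salt must pay `rounds` per candidate instead
        "kdf_recovered": precomputed_lookup(
            kdf_a, lambda w: kdf_derive(w, "site-a.example", attacker_salt)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```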