Date: Wed, 20 Apr 2005 15:36:53 -0400
From: "David F. Skoll" <dfs@...ringpenguin.com>
To: Stephen Frost <sfrost@...wman.net>
Cc: pgsql-hackers@...tgresql.org, bugtraq@...urityfocus.com
Subject: Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords

Stephen Frost wrote:

> The md5 hash which is generated for and stored in pg_shadow does not
> use a random salt but instead uses the username which can generally be
> determined ahead of time (especially for the 'postgres' superuser
> account).

I noted that this was a problem back in August, 2002:

http://archives.postgresql.org/pgsql-admin/2002-08/msg00253.php

Then, as now, the developers weren't very concerned.

Regards,

David.
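The salting behaviour quoted above, worked through as an added example (not code from this thread or from PostgreSQL): it builds the stored value in PostgreSQL's documented md5 format, 'md5' followed by MD5(password || username), and audits constructed pg_shadow-style data for stored values that repeat across unrelated clusters. The cluster names, passwords, and the PBKDF2 contrast function are assumptions made for illustration.

```python
import hashlib
import os
from collections import defaultdict


def pg_md5_shadow(username, password):
    """Stored form for an md5 password: 'md5' + hex(MD5(password || username))."""
    return "md5" + hashlib.md5((password + username).encode("utf-8")).hexdigest()


def random_salted(password, salt=None):
    """Contrast only (hypothetical, not a PostgreSQL format): random per-entry salt."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    return salt.hex() + "$" + dk.hex()


def shared_across_clusters(clusters):
    """Map (username, stored value) -> sorted cluster names, kept only when the
    same stored value appears on more than one cluster."""
    seen = defaultdict(set)
    for cluster, rows in clusters.items():
        for user, stored in rows.items():
            seen[(user, stored)].add(cluster)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


def build_sample():
    """Constructed sample: three unrelated clusters, two reuse one password."""
    creds = {
        "cluster-a": {"postgres": "example-pass-1", "app": "example-pass-2"},
        "cluster-b": {"postgres": "example-pass-1", "app": "example-pass-3"},
        "cluster-c": {"postgres": "example-pass-4"},
    }
    return {c: {u: pg_md5_shadow(u, p) for u, p in users.items()}
            for c, users in creds.items()}


if __name__ == "__main__":
    for (user, stored), where in shared_across_clusters(build_sample()).items():
        print(f"{user}: {stored} identical on {', '.join(where)}")
    # Same password, random salt: the two stored values differ.
    print(random_salted("example-pass-1") != random_salted("example-pass-1"))
```

Because the username is the only salt, the audit flags the reused 'postgres' password from the stored values alone; with a random per-entry salt the same comparison finds nothing.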