lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20050421180553.GB29028@ns.snowman.net>
Date: Thu, 21 Apr 2005 14:05:54 -0400
From: Stephen Frost <sfrost@...wman.net>
To: "Joshua D. Drake" <jd@...mandprompt.com>
Cc: "Jim C. Nasby" <decibel@...ibel.org>, Tom Lane <tgl@....pgh.pa.us>,
   pgsql-hackers@...tgresql.org, bugtraq@...urityfocus.com
Subject: Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords

* Joshua D. Drake (jd@...mandprompt.com) wrote:
> >Simply put, MD5 is no longer strong enough for protecting secrets. It's
> >just too easy to brute-force. SHA1 is ok for now, but it's days are
> >numbered as well. I think it would be good to alter SHA1 (or something
> >stronger) as an alternative to MD5, and I see no reason not to use a
> >random salt instead of username.
> 
> If you aren't paying close enough attention to your database server to
> see that someone is trying to brute force your MD5 password you have 
> bigger problems.

If the attacker knows the salt then she can do almost all of the
brute-force work up-front before even attempting to attack the system
directly.  The sys admin would have no way of knowing this was
happening.  Once this is done the attacker just needs the hash from
pg_shadow to quickly find the user's password (or something that hashes
to the same thing).  

In this situation I'm assuming the system is using the 'password' 
method in pg_hba.conf.  If the system used the 'md5' method in 
pg_hba.conf the attacker would need only the hash from pg_shadow to 
authenticate and wouldn't need the users original password at all.

If a random salt were used in this situation, and 'password' were used
in pg_hba.conf then the attacker would be unable to determine the salt
ahead of time and would be forced to generate the keyspace after
obtaining pg_shadow to brute-force the password, a time consuming
process hopefully given the admin an opportunity to discover the
compromise.

	Thanks,

		Stephen

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ