lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 23 Apr 2005 09:02:37 -0400
From: Stephen Frost <sfrost@...wman.net>
To: Antoine Martin <antoine@...afix.co.uk>
Cc: Bruno Wolff III <bruno@...ff.to>, Tom Lane <tgl@....pgh.pa.us>,
	"Jim C. Nasby" <decibel@...ibel.org>, pgsql-hackers@...tgresql.org,
	bugtraq@...urityfocus.com
Subject: Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted

* Antoine Martin (antoine@...afix.co.uk) wrote:
> Basically, multiple input data that have the same output hash, which is
> of no use when what you are trying to find is the input.
> Finding collisions quicker for a known input is one thing, but that is
> not going to reduce the search space, not even your storage space (it is
> unlikely that the colliding results would all be valid input).

Erm, you aren't necessairly trying to find the input...  It may be the
case that you're trying to find what you need to authenticate to this
server, or any other PostgreSQL server where the same userid & input are
used.  In that case you just need something that hashes to the same
thing.  Using a random salt would mean that it's different per server so
breaking it on one doesn't help you against another server unless you
happened to find the actual original input.

> Is adding the non-guessable salt that hard anyway?

It is if you want to continue to support the 'md5' method in pg_hba.conf
because the wireline protocol will probably need to change.  A less
intrusive alternative would be to add an 'with encrypted password 'xyz'
with random salt' or some such which would only be supported with the
'password' method in pg_hba.conf.

One problem with this is that you then can't just switch from password
to md5 or back again.  Perhaps that's ok though?  Comments?

	Stephen

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ