Re: Encoding passwords

> > That said if hostile people get to the stage where they can read the
> > encoded passwords, you're probably screwed anyway - they're likely to be
> > able to do other things some even more undesirable. So it's not really a
> > big deal compared to other issues.
> >
>
> We have new code in 7.2 that will do MD5 encryption of passwords stored
> in pg_shadow.  We add the salt to the front of the password before
> passing through MD5.  You are suggesting putting the salt at the end.
>
> I guess the issue is that if you can get the salt part found out, you
> can use that to attack the password part.  Also, consider that we use
> the username as the salt as stored in pg_shadow.  We can easily put the
> salt in the back, but then there is the risk that a long password would
> not take into account the salt.  My feeling that this is more a
> theoretical concern and we may be opening ourselves up to more problems
> if we make the change.

OK, I have applied the following patch to the MD5 code that puts the
salt at the end.  We can't change the crypt() stuff because that is
being used in older releases.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
Index: src/backend/libpq/md5.c
===================================================================
RCS file: /cvsroot/pgsql/src/backend/libpq/md5.c,v
retrieving revision 1.6
diff -c -r1.6 md5.c
*** src/backend/libpq/md5.c    2001/09/21 20:31:47    1.6
--- src/backend/libpq/md5.c    2001/09/27 22:23:20
***************
*** 19,24 ****
--- 19,32 ----

  #include "libpq/crypt.h"

+ #ifdef FRONTEND
+ #undef palloc
+ #define palloc malloc
+ #undef pfree
+ #define pfree free
+ #endif
+
+
  /*
   *    PRIVATE FUNCTIONS
   */
***************
*** 289,303 ****
  bool EncryptMD5(const char *passwd, const char *salt, size_t salt_len,
                  char *buf)
  {
!     char crypt_buf[128];
!
!     if (salt_len + strlen(passwd) > 127)
!         return false;
!
      strcpy(buf, "md5");
!     memset(crypt_buf, 0, 128);
!     memcpy(crypt_buf, salt, salt_len);
!     memcpy(crypt_buf+salt_len, passwd, strlen(passwd));

!     return md5_hash(crypt_buf, salt_len + strlen(passwd), buf + 3);
  }
--- 297,315 ----
  bool EncryptMD5(const char *passwd, const char *salt, size_t salt_len,
                  char *buf)
  {
!     char *crypt_buf = palloc(strlen(passwd) + salt_len);
!     bool ret;
!
      strcpy(buf, "md5");
!     /*
!      *    Place salt at the end because it may be known by users
!      *    trying to crack the MD5 output.
!      */
!     strcpy(crypt_buf, passwd);
!     memcpy(crypt_buf+strlen(passwd), salt, salt_len);
!
!     ret = md5_hash(crypt_buf, strlen(passwd) + salt_len, buf + 3);
!     pfree(crypt_buf);

!     return ret;
  }