At 09:59 PM 18-05-2000 -0400, Tom Lane wrote:
>Lincoln Yeoh <lylyeoh@mecomb.com> writes:
>> At 05:38 PM 18-05-2000 -0400, Tom Lane wrote:
>
>> But if someone sniffs the crypted form, won't they be able to reuse it?
>
>Not unless they're lucky enough to be challenged with the same random
>"salt" value that was used in the login transaction they sniffed.
Well then it's a max of 4096 tries? Assuming a normal crypt size salt.
Of course a dictionary crack might be easy enough and definitely less
obstrusive than <salt-permutation> tries.
Does 7.0 log authentication failures on a different level?
Cheerio,
Link.