Tom Lane wrote:
>>I read that the password hash in pg_shadow is salted with username. Is
>>this still the case? If so, since probably 99% of all PostgreSQL has
>>"postgres" as the superuser name, wouldn't it be better to use standard
>>Unix/Apache MD5 hash instead?
>
> How does that improve anything? If we add a random salt into it, we'd
> have to store the salt in pg_shadow, so there wouldn't be any secrecy
> added --- an attacker who can read pg_shadow could see the salt too.
Consider someone who creates a long list of:
MD5( "postgres" + "aaaaaaaa" )
MD5( "postgres" + "aaaaaaab" )
MD5( "postgres" + "aaaaaaac" )
...
Now if he has access to other people's pg_shadow, he can compare the
hashes with his dictionary. Replacing "postgres" with a random salt
defeats this dictionary attack (and thus he will have to resort to brute
force).
> (Actually, an attacker who can read pg_shadow is already superuser,
> so it's not clear there's anything left to hide from him anyway.)
But consider someone who finds a harddisk or tape containing a database
backup... he can then gain access to the real, online database.
--
dave