Tom Lane wrote:
>>Hm, I thought the purpose of salt is generally well understood?
>
> Apparently not.
>
> The purpose of salting the encrypted passwords in pg_shadow is *not* to
> protect them against attackers who have somehow managed to
> illegitimately read pg_shadow. (As I explained before, such attackers
> are effectively superuser already, and so protecting the superuser
> password from them is not nearly as interesting as all that.) The
> purpose is to prevent unscrupulous DBAs from deducing the cleartext
> passwords being used by their users. Since the users presumably are not
> all named "postgres", the argument you are advancing is not relevant.
Then I'd say the purpose is wrong. There is not much hope in protecting
unscrupulous DBAs from getting their users' password anyway (they can
most probably sniff traffic, trap/log queries, or shut down postmaster
and replace it with a trojan binary).
The purpose of a salt, by most definition, should be to discourage
dictionary attack.
Anyway, I think we've agreed that the current protocol need not be
changed, on the basis of too much pain caused. But there's no reason not
to use random salt in future protocol. It offers the benefit you
mentioned plus protects against dictionary attack.
--
dave