Re: You're on SecurityFocus.com for the cleartext passwords.

on 5/6/00 12:45 PM, Sverre H. Huseby at sverrehu@online.no wrote:

> Does anyone here really _know_ (and I mean KNOW)
> security/cryptography?  If so, could you please comment on this
> scheme?  And while you're at it, whats better of MD5 and Unix crypt
> (triple DES ++, isn't it?) from a security perspective?

Finally something I can comment on with a tiny bit of authority :)

The unix crypt command is a sneaky version of DES (I've never heard of
Triple-DES being used for this). Your password is transformed into a DES key
which is then used to encrypt a block of 0's. The result is what's stored in
the password file. Poor Man's Hash, in a sense :)

MD5 is quite standard (as hashing algs go) and much more secure. It allows
for longer passwords, and it's quite fast (easily tens of thousands of MD5
hashes per second on today's midlevel processors). I strongly recommend you
use that.

|       store the password in pg_shadow like a unix-style password with salt
|       pass the random salt and the salt from pg_shadow to the client
|       client crypts the password twice through the routine:
|           once using the pg_shadow salt
|           another time using the random salt

My first impression of this scheme is that it's quite good. Use MD5 instead
of crypt, and it's great. You've got a good challenge-response setup here,
and with MD5 you can even make your salt much longer than the 2 bytes of
unix crypt salt, thus much more secure.

I like it!

-Ben