Re: A stab at implementing better password hashing, with mixed results

From Claudio Freire
Subject Re: A stab at implementing better password hashing, with mixed results
Date
Msg-id CAGTBQpbRgrRctMD7Q-UeTcchGp7JeL10r8hT8rErj3EYnrXvng@mail.gmail.com
In reply to A stab at implementing better password hashing, with mixed results  (Peter Bex <Peter.Bex@xs4all.nl>)
Responses Re: A stab at implementing better password hashing, with mixed results
List pgsql-hackers
On Thu, Dec 27, 2012 at 11:46 AM, Peter Bex <Peter.Bex@xs4all.nl> wrote:
>
> Implementing a more secure challenge-response based algorithm means
> a change in the client-server protocol.  Perhaps something like SCRAM
> (maybe through SASL) really is the way forward for this, but that
> seems like quite a project and it seems to dictate how the passwords are
> stored; it requires a hash of the PBKDF2 algorithm to be stored.

It would be nonsense to do it in any other way... protecting the
password store and not the exchange would just shift the weak spot.
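
The coupling between stored form and exchange that the thread discusses, as an added example that is not part of the original message or of PostgreSQL's code: a minimal SCRAM-SHA-1 sketch following RFC 5802, where the server keeps only PBKDF2-derived keys and checks the client's proof against them. The function names are hypothetical, the sample messages are the example exchange from RFC 5802 section 5, and SASLprep normalization is skipped on the assumption of an ASCII password.

```python
import base64
import hashlib
import hmac

def hmac_sha1(key, msg):
    return hmac.new(key, msg, hashlib.sha1).digest()

def salted_password(password, salt, iterations):
    # Hi() in RFC 5802 is PBKDF2-HMAC with one output block.
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)

def make_verifier(password, salt, iterations):
    """Server-side record: neither the password nor ClientKey is kept."""
    salted = salted_password(password, salt, iterations)
    client_key = hmac_sha1(salted, b"Client Key")
    return {"salt": salt, "i": iterations,
            "stored_key": hashlib.sha1(client_key).digest(),
            "server_key": hmac_sha1(salted, b"Server Key")}

def client_proof(password, salt, iterations, auth_message):
    """Client side: ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    client_key = hmac_sha1(salted_password(password, salt, iterations),
                           b"Client Key")
    signature = hmac_sha1(hashlib.sha1(client_key).digest(), auth_message)
    return bytes(a ^ b for a, b in zip(client_key, signature))

def server_verify(verifier, auth_message, proof):
    """Return the ServerSignature on success, None on a bad proof."""
    signature = hmac_sha1(verifier["stored_key"], auth_message)
    recovered_key = bytes(a ^ b for a, b in zip(proof, signature))
    if not hmac.compare_digest(hashlib.sha1(recovered_key).digest(),
                               verifier["stored_key"]):
        return None
    return hmac_sha1(verifier["server_key"], auth_message)

# Sample input: the example exchange from RFC 5802 section 5
# (user "user", password "pencil"); not taken from this thread.
SALT = base64.b64decode("QSXCR+Q6sek8bf92")
ITERATIONS = 4096
NONCE = "fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j"
AUTH_MESSAGE = ("n=user,r=fyko+d2lbbFgONRv9qkxdawL,"      # client-first-bare
                "r=" + NONCE + ",s=QSXCR+Q6sek8bf92,i=4096,"  # server-first
                "c=biws,r=" + NONCE).encode()  # client-final-without-proof

if __name__ == "__main__":
    record = make_verifier("pencil", SALT, ITERATIONS)
    proof = client_proof("pencil", SALT, ITERATIONS, AUTH_MESSAGE)
    print("proof:", base64.b64encode(proof).decode())
    print("accepted:", server_verify(record, AUTH_MESSAGE, proof) is not None)
```

Because the proof is bound to the nonces in AuthMessage, a captured proof does not verify in a later exchange, and the record the server keeps contains neither the password nor a value that can be sent as-is to log in.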


