> > Doing the random salt over the wire would still be a problem.
>
> There is absolutely no technical problem with storing hashed passwords and
> still sending a salted hash over the wire. It was recently discussed in detail
> in the "Hashing passwords" thread on the pgsql-hackers list.
But you are hashing it with a secret known by the database administrator,
and someone who knows any password, like their own, can guess the secret by
looking at the hashed version, no?
--
Bruce Momjian                      |  http://www.op.net/~candle
maillist@candle.pha.pa.us          |  (610) 853-3000
+  If your life is a hard drive,   |  830 Blythe Avenue
+  Christ can be your backup.      |  Drexel Hill, Pennsylvania 19026