encrypted passwords
From | Neil Conway |
---|---|
Subject | encrypted passwords |
Date | |
Msg-id | 87ptwl9o6d.fsf@klamath.dyndns.org |
Responses | Re: encrypted passwords (Rod Taylor <rbt@zort.ca>); Re: encrypted passwords (Bruce Momjian <pgman@candle.pha.pa.us>); Re: encrypted passwords (Tom Lane <tgl@sss.pgh.pa.us>) |
List | pgsql-hackers |
A couple questions regarding encrypted passwords:

(1) There was talk of changing the default value of the 'password_encryption' GUC variable for 7.3; AFAIK, this hasn't happened yet. Should this be done?

(2) What is the reasoning behind the current storage format of MD5-encrypted passwords? At the moment, we "determine" that a password is stored pre-hashed in pg_shadow by checking if it begins with "md5" and is 35 characters long (the isMD5() macro in libpq/crypt.h). This seems problematic, for a couple reasons:

(a) it needlessly overloads the password field: that field should store the password or the digest itself, not meta-data about the authentication process.

(b) it makes it difficult to determine if the password is *actually* encrypted, or whether the user just happened to specify an (unencrypted) password of that form.

(c) it limits us to using the MD5 algorithm. MD5 is not looking as invincible as it once did, and having the capability to support SHA1 or another algorithm without too much pain would be nice.

(3) (Related to 2b above) Shouldn't we reject an attempt by the user to specify an un-encrypted password that matches the isMD5() test? For example:

```
nconway=# create user foo encrypted password 'md5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';
CREATE USER
nconway=# create user foo2 encrypted password 'somethingelse';
CREATE USER
nconway=# select usename, passwd from pg_shadow where usename like 'foo%';
 usename |               passwd
---------+-------------------------------------
 foo     | md5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 foo2    | md51b80a20a1b6cd86eb369f01009b739d3
```

(The first password is stored "as-is", the second is hashed before being stored.)

I don't see a need for the ability to specify pre-hashed passwords, and it makes the whole process of determining the type of password being used more complicated.

(4) The naming standard for system catalogs would dictate that the 'passwd' field of pg_shadow actually be named 'usepasswd' or something similar, wouldn't it? The same applies to the 'valuntil' field.

Cheers,

Neil

--
Neil Conway <neilconway@rogers.com>
PGP Key ID: DB3C29FC
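
The ambiguity raised in points (2b) and (3), as an added example that is not part of the original message and is not PostgreSQL's code: `is_md5_as_described` re-creates the check from the message's wording, while `is_md5_strict`, `struct stored_pw`, `is_hashed` and the third sample value are hypothetical names and constructed data used for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Test as the message describes it: starts with "md5", 35 characters long. */
static int is_md5_as_described(const char *s)
{
    return strncmp(s, "md5", 3) == 0 && strlen(s) == 35;
}

/* Hypothetical stricter test: the 32 trailing characters must be lowercase hex. */
static int is_md5_strict(const char *s)
{
    return is_md5_as_described(s) && strspn(s + 3, "0123456789abcdef") == 32;
}

/* Hypothetical layout for points (2a) and (2c): the kind of value is kept
 * beside the secret, so the secret's content is never inspected. */
enum pw_kind { PW_PLAIN, PW_MD5, PW_SHA1 };
struct stored_pw { enum pw_kind kind; const char *value; };

static int is_hashed(const struct stored_pw *p)
{
    return p->kind != PW_PLAIN;
}

static const char *const SAMPLES[] = {
    "md5" "xxxxxxxx" "xxxxxxxx" "xxxxxxxx" "xxxxxxxx", /* from the message */
    "md5" "1b80a20a" "1b6cd86e" "b369f010" "09b739d3", /* from the message */
    "md5" "01234567" "89abcdef" "01234567" "89abcdef", /* constructed cleartext */
    "somethingelse",                                    /* from the message */
};

int main(void)
{
    for (size_t i = 0; i < sizeof SAMPLES / sizeof *SAMPLES; i++)
        printf("%-36s described=%d strict=%d\n", SAMPLES[i],
               is_md5_as_described(SAMPLES[i]), is_md5_strict(SAMPLES[i]));

    /* The constructed cleartext fools both content tests; the tag does not. */
    struct stored_pw plain = { PW_PLAIN, SAMPLES[2] };
    struct stored_pw hashed = { PW_MD5, SAMPLES[1] };
    printf("tagged: plain->%d hashed->%d\n", is_hashed(&plain), is_hashed(&hashed));
    return 0;
}
```

The strict test rejects the first value from the message but still accepts the constructed cleartext, which is the residual ambiguity of point (2b) that only an explicit type marker removes.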