Re: Salt in encrypted password in pg_shadow
| От | Tom Lane |
|---|---|
| Тема | Re: Salt in encrypted password in pg_shadow |
| Дата | |
| Msg-id | 14516.1094610460@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: Salt in encrypted password in pg_shadow (Steve Atkins <steve@blighty.com>) |
| Ответы |
Re: Salt in encrypted password in pg_shadow
|
| Список | pgsql-general |
Steve Atkins <steve@blighty.com> writes:
> A random salt stored with the hashed password increases the storage
> and precomputation time required by the size of the salt (so a 16 bit
> salt would increase the storage and precomputation time needed by
> a factor of 65536). That increase makes the pre-computed dictionary
> attack pretty much infeasible.
[ raised eyebrow... ] It is not immediately obvious that a factor of
2^16 makes the difference between feasible and infeasible. As
counterexamples, if it would otherwise take you one microsecond to break
the password, 64 milliseconds isn't going to scare you; if it would
otherwise take you a century to break the password, raising it to
64k centuries isn't going to make for a very meaningful improvement in
security either.
Show me a scheme where the random salt isn't stored right beside the
password, and I might start to get interested.
regards, tom lane
В списке pgsql-general по дате отправления: