Re: You're on SecurityFocus.com for the cleartext passwords.
From | Bruce Momjian |
---|---|
Subject | Re: You're on SecurityFocus.com for the cleartext passwords. |
Date | |
Msg-id | 200005061854.OAA20674@candle.pha.pa.us |
In reply to | Re: You're on SecurityFocus.com for the cleartext passwords. (Vince Vielhaber <vev@michvhf.com>) |
List | pgsql-hackers |
Let me comment:

> > How so? The server sends out one fixed salt (the one stored for that
> > user's password in pg_shadow) and one randomly-chosen salt. The client
> > sends back two crypted passwords. The server can check one of them.
> > What can it do with the other? Nothing that I can see, so where is the
> > security gain? A sniffer can still get in by sending back the same
> > pair of crypted passwords next time, no matter what random salt is
> > presented.
>
> Off hand here is the only way I can see that this can work.
>
> 1) client gets password from user and md5's it.

No, no md5 yet.

> 2) upon connecting, the client receives a random salt from the server.
> 3) the client md5's the already md5'd password with this new salt.

md5's plaintext password using pg_shadow salt, and random salt.

> 4) the client sends the resulting hash to the server.
> 5) the server takes the md5'd password from pg_shadow and md5's it
> with the same random salt it sent to the client.

Yes.

> 6) if it matches, the server sends yet another salt to the client.
> 7) repeat steps 3, 4 and 5.
> 8) if it matches the client's in.
>
> Why should this work? Because the next time the client tries to connect
> it will be given a different salt. But why twice? It seems that once
> would be enough since it's a random salt to begin with and the client
> should never be getting that salt twice.

No, once with pg_shadow salt, then random salt.

--
  Bruce Momjian                        |  http://www.op.net/~candle
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
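The two-salt exchange as Bruce lays it out (plaintext MD5'd with the pg_shadow salt, then that result MD5'd with the per-connection random salt), as an added Python illustration of the scheme being discussed; it is not code from this thread or from PostgreSQL, and the password, pg_shadow salt and random salts are constructed values:

```python
import hashlib
import hmac

# Added illustration of the exchange described in the message above;
# not PostgreSQL's own implementation. All salts/passwords are constructed.


def md5_hex(*parts: str) -> str:
    """MD5 over the concatenation of the given strings, as lowercase hex."""
    return hashlib.md5("".join(parts).encode()).hexdigest()


def stored_hash(plaintext: str, shadow_salt: str) -> str:
    """What pg_shadow holds: the password MD5'd with its fixed per-user salt."""
    return md5_hex(plaintext, shadow_salt)


def client_response(plaintext: str, shadow_salt: str, random_salt: str) -> str:
    """Steps 3-4: client re-derives the pg_shadow hash from the plaintext,
    then MD5s that hash with the random salt the server sent."""
    return md5_hex(stored_hash(plaintext, shadow_salt), random_salt)


def server_verify(shadow_hash: str, random_salt: str, response: str) -> bool:
    """Step 5: the server needs only the stored hash, never the plaintext.
    Constant-time comparison avoids leaking how many bytes matched."""
    expected = md5_hex(shadow_hash, random_salt)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    """One correct login, then the same response reused under a new salt."""
    shadow_salt = "Xy"           # constructed pg_shadow salt for this user
    password = "correct horse"   # constructed user password
    db_hash = stored_hash(password, shadow_salt)   # only this is stored

    salt1 = "a1b2c3d4"           # constructed per-connection random salt
    resp1 = client_response(password, shadow_salt, salt1)
    ok_first = server_verify(db_hash, salt1, resp1)

    # Next connection: the server hands out a different random salt, so the
    # response captured from the first connection no longer verifies.
    salt2 = "e5f6a7b8"
    ok_replayed = server_verify(db_hash, salt2, resp1)
    ok_fresh = server_verify(db_hash, salt2,
                             client_response(password, shadow_salt, salt2))
    return {"first": ok_first, "replayed": ok_replayed, "fresh": ok_fresh}
```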