Re: You're on SecurityFocus.com for the cleartext passwords.
| From | Bruce Momjian |
|---|---|
| Subject | Re: You're on SecurityFocus.com for the cleartext passwords. |
| Date | |
| Msg-id | 200005061857.OAA20779@candle.pha.pa.us |
| In response to | Re: You're on SecurityFocus.com for the cleartext passwords. (Tom Lane <tgl@sss.pgh.pa.us>) |
| Responses | Re: You're on SecurityFocus.com for the cleartext passwords. |
| List | pgsql-hackers |
> Probably the way to attack this would be to combine MD5 and this double
> password-munging algorithm as a new authentication protocol type to add
> to the ones we already support. That way old clients don't have to be
> updated instantly.

Not sure that will work because once we use md5 on the server side for
pg_shadow, we have to be able to do md5 on the client, I think, for
crypting because the md5 has to be done _before_ the random salt crypt.

> OTOH, if the password stored in pg_shadow is MD5-encrypted, then we lose
> the ability to support the old crypt-based auth method, don't we?

Yes.

> Old clients could be successfully authenticated with cleartext password
> challenge (server MD5's the transmitted password and compares to
> pg_shadow), but we couldn't do anything with a crypt()-encrypted
> password. Is that enough reason to stay with crypt() as the underlying
> hashing engine? Maybe not, but we gotta consider the tradeoffs...

Not sure.

--
  Bruce Momjian                        |  http://www.op.net/~candle
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
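The ordering constraint Bruce describes (md5 on the client before the random-salt step, so the server can verify from an md5-only pg_shadow) and the cleartext fallback Tom mentions, as an added illustration that is not code from the thread or from PostgreSQL. The salted step is modelled as md5(hash + salt); that construction, the function names and the sample password are assumptions made for this example, and the scheme is shown only as the historical design under discussion.

```python
import hashlib
import hmac
import os

# Constructed model of the proposal in the thread: pg_shadow stores md5(password);
# the md5 challenge protocol then mixes that stored hash with a random salt.
# (Historical illustration only: MD5 is not an acceptable password hash today.)

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def stored_password_hash(password: str) -> str:
    """Value the server keeps in pg_shadow under the proposed scheme."""
    return md5_hex(password.encode())

def salted(md5_of_password: str, salt: bytes) -> str:
    """The 'random salt' step, applied to the md5 hash rather than to cleartext."""
    return md5_hex(md5_of_password.encode() + salt)

def client_response(password: str, salt: bytes) -> str:
    """Client side: md5 first, then the salted step, mirroring what the server can do."""
    return salted(stored_password_hash(password), salt)

def client_response_wrong_order(password: str, salt: bytes) -> str:
    """A client that salts the cleartext first: the server cannot reproduce this from pg_shadow."""
    return md5_hex(password.encode() + salt)

def server_verify_challenge(stored: str, salt: bytes, response: str) -> bool:
    """Server never needs the cleartext: it salts the stored hash and compares."""
    return hmac.compare_digest(salted(stored, salt), response)

def server_verify_cleartext(stored: str, transmitted_password: str) -> bool:
    """Old clients that send the cleartext password: server md5's it and compares."""
    return hmac.compare_digest(stored_password_hash(transmitted_password), stored)

def new_salt() -> bytes:
    """Fresh per-connection salt, so a captured response cannot be replayed."""
    return os.urandom(4)

if __name__ == "__main__":
    shadow = stored_password_hash("hunter2")  # constructed sample password
    salt = new_salt()
    print(server_verify_challenge(shadow, salt, client_response("hunter2", salt)))
    print(server_verify_challenge(shadow, salt, client_response_wrong_order("hunter2", salt)))
```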