Re: Proposal for encrypting pg_shadow passwords

> > DOUBLE ENCRYPTION
> > -----------------
> > The solution for encrypting pg_shadow passwords is to encrypt using a
> > salt when stored in pg_shadow, and to generate a random salt for each
> > authentication request.  Send _both_ salts to the client, let the client
> > double encrypt using the pg_shadow salt first, then the random salt, and
> > send it back.  The server encrypt using only the random salt and
> > compares.
> >
> 
> I posted something on this a few weeks ago. See
> http://fts.postgresql.org/db/mw/msg.html?mid=1021155 for details, but the
> summary is that it would be better (IMHO) to use HMAC for authentication.
> HMAC has
> been mathematically proven to be as secure as the underlying hash algorithm
> used.
> Here's the reference for HMAC --
> http://www-cse.ucsd.edu/users/mihir/papers/kmd5.pdf.
> 
> It would actually work almost identically to what you've described. Store
> the password as a hash using MD5 and some salt. Send the password salt and a
> random salt to the client. The client uses the password salt with MD5 (and
> local knowledge of the plaintext password) to reproduce the stored password,
> then calculates an HMAC of the random salt and sends it back. The server
> also calculates the HMAC of the random salt using the stored hashed
> password, and compares.

Yes, I remember that.  I figured MD5 was standard and secure enough for
our purposes.  Newer stuff sometimes has problems because it has not
been tested long enough and I would hate to change this if a problem is
found.

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026