Re: Is md5 really more secure than crypt?
From | Martijn van Oosterhout |
---|---|
Subject | Re: Is md5 really more secure than crypt? |
Date | |
Msg-id | 20020615024552.A20308@svana.org |
In reply to | Is md5 really more secure than crypt? ("murphy pope" <pope_murphy@hotmail.com>) |
List | pgsql-general |

On Fri, Jun 14, 2002 at 10:54:35AM -0400, murphy pope wrote:

> So, to me, it doesn't seem that 'md5' is much more secure than 'crypt'. The
> user/password hash stored in pg_pwd is essentially a plaintext password.
> What am I missing here?

I think the main reason is that if someone can log into the machine, access the password file directly (probably via root), then you have more serious problems than someone impersonating someone else on a connection. They could simply suck your entire database out and read it elsewhere.

As for making it more secure, I would say to use a one-way hash on disk (similar to /etc/passwd) and then connection via SSL to stop the password being sniffed. But isn't this what happens already?

--
Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/

> There are 10 kinds of people in the world, those that can do binary
> arithmetic and those that can't.