Re: Is md5 really more secure than crypt?
From | Bruce Momjian |
---|---|
Subject | Re: Is md5 really more secure than crypt? |
Date | |
Msg-id | 200206151852.g5FIqeY27047@candle.pha.pa.us |
In reply to | Re: Is md5 really more secure than crypt? (Tom Lane <tgl@sss.pgh.pa.us>) |
Responses | Re: Is md5 really more secure than crypt? |
List | pgsql-general |

Tom Lane wrote:
> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > I wonder if people using SSL should be encouraged to use 'password'
> > rather than 'md5' in 7.3? I am sure some admins use SSL and md5
> > thinking it is more secure, when it is less.
>
> Depends on what your notion of security is, I guess. After sending my
> earlier message, I had another thought: from the point of view of an
> honest user, the cleartext password scheme is less secure, because a
> dishonest DBA could easily tweak the postmaster to log submitted
> passwords --- and thereby capture a user password that he shouldn't
> have. In the MD5 scheme, the user need only trust his client-side
> software to be sure that his original password is never exposed to
> anyone, including the DBA.

I see. Good point.

> Of course a paranoid user won't be using the same password for two
> different purposes anyway ;-).
>
> But anyway, this line of thinking suggests that we shouldn't be in a
> hurry to rip out the cleartext-password auth method; it does have
> some virtues.

Yes. Not sure how to even document it. Seems pretty complicated.

--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
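
Added example, not part of the original message and not PostgreSQL's own code: a Python sketch of what the server process receives under the 'password' and 'md5' methods discussed above, using the md5 response format from the PostgreSQL frontend/backend protocol documentation. The function names and the sample user and password are constructed for illustration.

```python
import hashlib
import hmac
import os

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def stored_verifier(user: str, password: str) -> str:
    # What the server keeps for an md5 user: "md5" + md5(password || username).
    return "md5" + md5_hex((password + user).encode())

def client_md5_response(user: str, password: str, salt: bytes) -> str:
    # Computed entirely on the client; only this salted digest is sent.
    inner = md5_hex((password + user).encode())
    return "md5" + md5_hex(inner.encode() + salt)

def server_check_md5(stored: str, salt: bytes, response: str) -> bool:
    # The server recomputes the digest from its stored verifier and the
    # salt it issued; it never needs (or sees) the original password.
    expected = "md5" + md5_hex(stored[3:].encode() + salt)
    return hmac.compare_digest(expected, response)

def server_check_password(stored: str, user: str, received: str) -> bool:
    # 'password' method: the server receives the cleartext itself (SSL
    # protects it only in transit) and hashes it to compare.
    return hmac.compare_digest(stored, stored_verifier(user, received))

def what_server_receives(method: str, user: str, password: str, salt: bytes) -> str:
    # The string a modified server process would be able to write to its log.
    if method == "password":
        return password
    if method == "md5":
        return client_md5_response(user, password, salt)
    raise ValueError(f"unsupported method: {method}")

if __name__ == "__main__":
    user, password = "alice", "correct horse"   # constructed sample values
    stored = stored_verifier(user, password)
    salt = os.urandom(4)                        # per-connection salt from the server
    for method in ("password", "md5"):
        seen = what_server_receives(method, user, password, salt)
        print(f"{method:8} server sees: {seen!r}")
    ok = server_check_md5(stored, salt, client_md5_response(user, password, salt))
    print("md5 check ok:", ok)
```
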