Re: Salt in encrypted password in pg_shadow

On Tue, Sep 07, 2004 at 08:48:13PM -0700, Steve Atkins wrote:

> That's an example of why a salt is still extremely valuable, despite
> the change in CPU speed:storage speed/size ration

But, to clarify, I don't see any practical problem in the current
PostgreSQL implementation. It's not particularly secure, but not much
worse than the underlying OS authentication. Most of the feasible
attack trees are going to start with compromising the OS platform, by
which point weaknesses in the postgresql authentication are fairly
meaningless.

If we need to tweak the authentication protocol _anyway_ at some
point it'd be great to improve things. But until then... not worth
the pain.

Cheers,
  Steve