Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
| From | Jim C. Nasby |
|---|---|
| Subject | Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords |
| Date | |
| Msg-id | 20050421044025.GB58835@decibel.org |
| In reply to | Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords (Tom Lane <tgl@sss.pgh.pa.us>) |
| Replies | Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords |
| List | pgsql-hackers |
On Thu, Apr 21, 2005 at 12:13:50AM -0400, Tom Lane wrote:
> It's worth pointing out also that adding a per-user-entry random salt
> to the password protocol is not some kind of penalty-free magic bullet.
> In particular it implies information leakage: I can tell from the
> password challenge (or lack of one) whether the username I have offered
> is valid. So rather than claiming "this is unconditionally a good thing
> to do", you must actually provide a credible scenario that makes the
> threat you are defending against more dangerous than the sorts of new
> threats we'll be exposed to. So far I haven't seen a very credible
> threat here.

I would think it wouldn't be hard to change the protocol/code so that the
response from providing an invalid user is the same as providing a valid
one.

-- 
Jim C. Nasby, Database Consultant decibel@decibel.org
Give your computer some brain candy! www.distributed.net Team #1828

Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"
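As an added illustration (not code from this thread or from PostgreSQL itself) of the two behaviours discussed above: the leaky challenge that hands out a salt only for known users, beside a uniform challenge that derives a stable mock salt for unknown names from a server-side secret, so an invalid username gets the same kind of answer as a valid one. The in-memory user table, the PBKDF2 parameters and the simplified proof exchange are constructed assumptions for the demo.

```python
import hashlib
import hmac
import os

SALT_LEN = 16
ITERATIONS = 20_000
# Constructed server-side secret; assumed to live in protected server config and never leave the server.
SERVER_SECRET = os.urandom(32)


def derive(password: str, salt: bytes) -> bytes:
    """Salted, iterated derivation used for the stored verifier (PBKDF2 chosen for the demo)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def add_user(users: dict, name: str, password: str) -> None:
    """Each user gets a random per-entry salt, the arrangement the thread is debating."""
    salt = os.urandom(SALT_LEN)
    users[name] = (salt, derive(password, salt))


def leaky_challenge(users: dict, name: str):
    """The leakage Tom describes: an unknown name gets no salt, so the reply confirms the name is invalid."""
    return users[name][0] if name in users else None


def mock_salt(name: str) -> bytes:
    """Fake salt for unknown names, keyed with the server secret so repeated probes of the same name see the
    same value (as a real user would) while nobody without the secret can predict or recognise it."""
    return hmac.new(SERVER_SECRET, name.encode("utf-8"), hashlib.sha256).digest()[:SALT_LEN]


def uniform_challenge(users: dict, name: str) -> bytes:
    """Jim's suggestion: the response for an invalid user is indistinguishable from a valid one."""
    entry = users.get(name)
    return entry[0] if entry else mock_salt(name)


def verify(users: dict, name: str, client_proof: bytes) -> bool:
    """Check the client's proof. Simplified exchange: the client sends derive(password, salt) directly,
    which a real protocol would not do; the point here is only how unknown users are handled."""
    entry = users.get(name)
    if entry is None:
        derive("", mock_salt(name))  # burn the same derivation work so the timing resembles a real lookup
        return False
    _salt, stored = entry
    return hmac.compare_digest(stored, client_proof)
```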