Re: Salt in encrypted password in pg_shadow
From | Tom Lane |
---|---|
Subject | Re: Salt in encrypted password in pg_shadow |
Date | |
Msg-id | 2897.1094584168@sss.pgh.pa.us |
In reply to | Re: Salt in encrypted password in pg_shadow (David Garamond <lists@zara.6.isreserved.com>) |
Responses | Re: Salt in encrypted password in pg_shadow |
List | pgsql-general |
David Garamond <lists@zara.6.isreserved.com> writes:
> Tom Lane wrote:
>> Also, MD5 hashing is fast enough that I'm not sure the above is really
>> significantly cheaper than a straight brute-force attack, ie, you just
>> take your list of possible passwords and compute the hashes on the fly.
>> The hashes are going to be much longer than the average real-world
>> password, so reading in a list of hashes is going to take several times
>> as much I/O as reading the passwords --- seems to me that it'd be
>> cheaper just to re-hash each password.

> Many people use short and easy-to-guess passwords (remember we're not
> talking about the superuser only here), so the dictionary attack can be
> more effective than people think.

And that responds to the speed argument how? I quite agree that a
guessable password is risky, but putting in a random salt offers no real
advantage if the salt has to be stored in the same place as the
encrypted password.

regards, tom lane
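The exchange above turns on what a salt stored next to the hash does and does not buy. The following added example (not code from the thread or from PostgreSQL itself) makes both sides of the point concrete: it assumes the legacy PostgreSQL convention of hashing the password concatenated with the username and prefixing the hex digest with the literal string "md5", and contrasts it with a plain unsalted MD5. With the per-user salt, two accounts sharing a password no longer store identical values, so a stored list cannot reveal shared passwords and a single candidate hash cannot be compared against every account at once; the salt does nothing, however, to raise the cost of hashing each guess for one particular account, which is Tom's point.

```python
import hashlib
from typing import Dict


def pg_md5_password(password: str, username: str) -> str:
    """Legacy PostgreSQL-style stored password.

    Assumed format (not stated in the thread): "md5" followed by the hex
    MD5 of password || username. The username acts as the salt and is, by
    construction, stored in the same catalog row as the hash.
    """
    digest = hashlib.md5((password + username).encode("utf-8")).hexdigest()
    return "md5" + digest


def plain_md5_password(password: str) -> str:
    """Unsalted comparison case: hex MD5 of the password alone."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def verify(stored: str, password: str, username: str) -> bool:
    """Server-side check: recompute with the row's own salt and compare."""
    return pg_md5_password(password, username) == stored


def accounts_sharing_hashes(table: Dict[str, str]) -> int:
    """Count accounts whose stored value is identical to another account's.

    A defender can run this over a catalog dump: with a per-user salt the
    answer should be zero even when users share passwords, because the
    salt hides that relationship from anyone reading the stored values.
    """
    seen: Dict[str, int] = {}
    for stored in table.values():
        seen[stored] = seen.get(stored, 0) + 1
    return sum(n for n in seen.values() if n > 1)


def hashes_per_candidate(table: Dict[str, str], salted: bool) -> int:
    """Work needed to test ONE candidate password against every account.

    Unsalted: one hash serves all rows. Salted: one hash per row, because
    each row's salt differs. This is the cost difference the thread debates;
    note it is a multiplier across accounts, not a slowdown per account.
    """
    return len(table) if salted else 1


# Constructed sample data: three accounts, two of which share a password.
SAMPLE_USERS = {"alice": "tr0ub4dor", "bob": "tr0ub4dor", "carol": "correcthorse"}

SALTED_TABLE = {u: pg_md5_password(p, u) for u, p in SAMPLE_USERS.items()}
UNSALTED_TABLE = {u: plain_md5_password(p) for u, p in SAMPLE_USERS.items()}


if __name__ == "__main__":
    print("shared values, salted  :", accounts_sharing_hashes(SALTED_TABLE))
    print("shared values, unsalted:", accounts_sharing_hashes(UNSALTED_TABLE))
    print("hashes per candidate, salted  :", hashes_per_candidate(SALTED_TABLE, True))
    print("hashes per candidate, unsalted:", hashes_per_candidate(UNSALTED_TABLE, False))
    print("alice verifies:", verify(SALTED_TABLE["alice"], "tr0ub4dor", "alice"))
```

Running it against the constructed table reports zero shared stored values under the salted scheme and two under the unsalted one, while the per-account verification cost is a single MD5 either way.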