Re: [HACKERS] Re: Hashing passwords (was Updated TODO list)
From | Mattias Kregert |
---|---|
Subject | Re: [HACKERS] Re: Hashing passwords (was Updated TODO list) |
Date | |
Msg-id | 3789D699.29CAF93B@algonet.se |
In reply to | Re: [HACKERS] Re: Hashing passwords (was Updated TODO list) (Louis Bertrand <louis@bertrandtech.on.ca>) |
List | pgsql-hackers |
Another nice thing with SRP is that it is mutual authentication. A third party cannot say "hey, I'm the server, please connect to me. Sure, your password is correct, start sending queries... INSERT? ok, sure, INSERT 1 1782136. go on..." and steal a lot of data... the SRP client always knows if it is talking to the real thing. No more third-party attacks...

http://srp.stanford.edu/srp/others.html

/* m */

Gene Sokolov wrote:
>
> I completely agree with Louis. It's not just the hacker: there is no need
> for the sysadmin to know passwords as well. I believe the security scheme where
> the sysadmin or anyone has to take action in order *not* to see passwords is
> flawed.
>
> I think the following solution would be satisfactory:
> Store SHA(password) XOR SHA(mastervalue [+] uid). In case it's difficult to
> alter the wire protocol, store password XOR SHA(mastervalue [+] uid). Either
> way no one can get useful info without knowing the master value. Even simple
> password XOR <mastervalue> would be helpful.
>
> Gene Sokolov.
>
> From: Louis Bertrand <louis@bertrandtech.on.ca>
> > Why should anyone be able to read cleartext passwords, or even need to?
> > People have a habit of reusing the same password for logins elsewhere.
> > Hash the password as it's entered and compare hashes. This way, even if
> > the password file (PostgreSQL's or the system's) is compromised, the
> > attacker gains no extra information.
> >
> >
> > From: Bruce Momjian <maillist@candle.pha.pa.us>
> > > Yes, I remember now. We keep them in clear, because we send random
> > > salt-encrypted versions over the wire. Only Postgresql can read this
> > > table.
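The mutual-authentication property described above, worked through as an added example that is not part of the thread or of PostgreSQL's own code. It is a self-contained SRP-6a exchange in Python: the server stores only a salt and a verifier v = g^x (no password, which is also Louis's and Gene's point), the client proves knowledge of the password with M1, and the server proves knowledge of the verifier with M2. A third "Impostor" server that does not hold the verifier can accept anything the client sends but cannot produce a valid M2, so the client refuses to start sending queries to it. Assumptions: SHA-256 as the hash, a 128-bit safe prime generated at import time from a seeded RNG as a demo-sized group (a real deployment would use one of the RFC 5054 groups), and the usual SRP-6a formulas (k = H(N, g), u = H(A, B), M1 = H(A, B, K), M2 = H(A, M1, K)); the usernames, passwords and class names are constructed for the demo.

```python
"""SRP-6a mutual authentication demo (added example, not from the thread)."""
import hashlib
import random
import secrets

_rng = random.Random(2024)  # seeded only so the demo group is reproducible


def is_probable_prime(n, rounds=16):
    """Miller-Rabin; good enough for building a demo-sized safe prime."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime(bits):
    """Return N = 2q + 1 with both q and N prime (assumption: demo size only)."""
    while True:
        q = _rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


N = safe_prime(128)  # assumption: 128-bit demo group; use RFC 5054 groups for real
g = 2


def H(*parts):
    """SHA-256 over the concatenation of ints (big-endian), str and bytes -> int."""
    h = hashlib.sha256()
    for p in parts:
        if isinstance(p, int):
            p = p.to_bytes((p.bit_length() + 7) // 8 or 1, "big")
        elif isinstance(p, str):
            p = p.encode()
        h.update(p)
    return int.from_bytes(h.digest(), "big")


k = H(N, g)  # SRP-6a multiplier


def enroll(username, password):
    """What the server stores: salt and verifier only, never the password."""
    s = secrets.token_bytes(16)
    x = H(s, H(username, ":", password))
    return {"salt": s, "verifier": pow(g, x, N)}


class Client:
    def __init__(self, username, password):
        self.I, self.P = username, password

    def start(self):
        self.a = secrets.randbelow(N - 2) + 1
        self.A = pow(g, self.a, N)
        return self.I, self.A                       # message 1: I, A

    def respond(self, s, B):
        if B % N == 0:
            raise ValueError("server sent B == 0 mod N")
        u = H(self.A, B)
        if u == 0:
            raise ValueError("u == 0")
        x = H(s, H(self.I, ":", self.P))
        S = pow((B - k * pow(g, x, N)) % N, self.a + u * x, N)
        self.K = H(S)
        self.M1 = H(self.A, B, self.K)
        return self.M1                              # message 3: client proof

    def verify_server(self, M2):
        """Only a party holding the verifier can compute K and hence M2."""
        return M2 == H(self.A, self.M1, self.K)


class Server:
    def __init__(self, db):
        self.db = db

    def challenge(self, I, A):
        if A % N == 0:
            raise ValueError("client sent A == 0 mod N")
        rec = self.db[I]
        self.A, self.v = A, rec["verifier"]
        self.b = secrets.randbelow(N - 2) + 1
        self.B = (k * self.v + pow(g, self.b, N)) % N
        u = H(A, self.B)
        self.K = H(pow(A * pow(self.v, u, N), self.b, N))
        return rec["salt"], self.B                  # message 2: s, B

    def finish(self, M1):
        if M1 != H(self.A, self.B, self.K):
            return None                             # wrong password: no M2
        return H(self.A, M1, self.K)                # message 4: server proof


class Impostor:
    """The 'hey, I'm the server' party: no verifier, so it can only bluff."""
    def challenge(self, I, A):
        self.A, self.b = A, secrets.randbelow(N - 2) + 1
        self.B = pow(g, self.b, N)
        self.K = H(pow(A, self.b, N))               # best guess, never equals client's K
        return b"\x00" * 16, self.B

    def finish(self, M1):
        return H(self.A, M1, self.K)                # "sure, your password is correct"


def run(client, server):
    """Drive one exchange and report what each side concluded."""
    I, A = client.start()
    s, B = server.challenge(I, A)
    M1 = client.respond(s, B)
    M2 = server.finish(M1)
    return {
        "server_accepted_client": M2 is not None,
        "client_accepted_server": M2 is not None and client.verify_server(M2),
        "keys_match": client.K == server.K,
    }
```

Against the real server the client accepts only after M2 checks out; against the impostor the flow "completes" from the impostor's side, but `client_accepted_server` is False and no query ever goes out. The client's M1 gives the impostor nothing reusable against the real server, and the verifier table itself does not let a thief log in without first solving a discrete log or guessing the password.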