Re: reducing our reliance on MD5
| От | Arthur Silva |
|---|---|
| Тема | Re: reducing our reliance on MD5 |
| Дата | |
| Msg-id | CAO_YK0XM44q4Z7gKpfCFtFWVTKN8DLJC=rAEzTiMYs8yog6A7A@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: reducing our reliance on MD5 (Peter Geoghegan <pg@heroku.com>) |
| Список | pgsql-hackers |
<div dir="ltr"><br /><div class="gmail_extra"><br /><div class="gmail_quote">On Tue, Feb 10, 2015 at 11:25 PM, Peter Geoghegan<span dir="ltr"><<a href="mailto:pg@heroku.com" target="_blank">pg@heroku.com</a>></span> wrote:<br /><blockquoteclass="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">OnTue, Feb 10, 2015 at 5:22 PM, Arthur Silva <<a href="mailto:arthurprs@gmail.com">arthurprs@gmail.com</a>>wrote:<br /> > I assume if the hacker can intercept the serverunencrypted traffic and/or<br /> > has access to its hard-drive the database is compromised anyway.<br /><br /></span>Thatsounds like an argument against hashing the passwords in general.<br /><span class="HOEnZb"><font color="#888888"><br/><br /> --<br /> Peter Geoghegan<br /></font></span></blockquote></div><br /></div><div class="gmail_extra">Indeed.<br/><br /></div><div class="gmail_extra">In a perfect world SCRAM would be the my choice. FWIWMongodb 3.0 also uses SCRAM as the preferred method for password based authentication.<br /></div></div>
В списке pgsql-hackers по дате отправления: