Is md5 really more secure than crypt?
From | murphy pope
---|---
Subject | Is md5 really more secure than crypt?
Date |
Msg-id | F1276Ssuot0OUIHNkjg00003b4f@hotmail.com
Replies | Re: Is md5 really more secure than crypt? (three replies with this subject)
List | pgsql-general
'password' authentication is insecure because plaintext passwords are stored on disk and plaintext passwords are sent over the wire. I could steal the password by watching the network or by looking in the pg_pwd file.

'crypt' authentication is insecure because plaintext passwords are stored on disk, but encrypted passwords are sent over the wire. I can't steal the password by watching the network, but I can still look in pg_pwd.

I thought that 'md5' authentication was supposed to be better than 'password' and 'crypt' because encrypted passwords are stored on disk and encrypted passwords are sent over the wire.

md5 works by storing an md5 checksum for a user/password combination on disk (this looks like an encrypted password). When a client connects, the server sends a small salt value to the client. The client computes an md5 checksum over the user/password combination, then a second checksum over the first checksum plus the salt value. Then the second checksum is sent to the server. The server combines the stored user/password checksum with the salt value and then computes its own checksum. If the client's (second) checksum matches the server's (second) checksum, the passwords match.

But, if I can peek at the server's user/password checksum (in the pg_pwd file), I can connect to a server, get the server's salt, and combine it with the stolen checksum, arriving at the checksum expected by the server. This is exactly how I would impersonate a user authenticated by 'crypt'.

So, to me, it doesn't seem that 'md5' is much more secure than 'crypt'. The user/password hash stored in pg_pwd is essentially a plaintext password.

What am I missing here?

-- Murphy
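The exchange Murphy describes, as an added example that is not part of the original post: a small Python model of PostgreSQL's md5 authentication. It assumes the real wire format that the post paraphrases (stored value is `md5` + hex(md5(password || username)); the response is `md5` + hex(md5(hex_digest || 4-byte salt))). `response_from_stored` makes the post's point concrete: the stored value alone produces a response the server accepts, so the file holding it needs the same protection as a plaintext password.

```python
import hashlib
import hmac
import os


def stored_md5(user: str, password: str) -> str:
    """What the server keeps on disk: 'md5' + hex(md5(password || username))."""
    return "md5" + hashlib.md5((password + user).encode()).hexdigest()


def server_salt() -> bytes:
    """Per-connection 4-byte challenge (AuthenticationMD5Password message)."""
    return os.urandom(4)


def response_from_stored(stored: str, salt: bytes) -> str:
    """Second hash over the first hash's hex digest plus the salt.

    Note what this needs: only the on-disk value and the public salt.
    The password itself never enters this function.
    """
    inner_hex = stored[3:]  # strip the 'md5' prefix
    return "md5" + hashlib.md5(inner_hex.encode() + salt).hexdigest()


def client_response(user: str, password: str, salt: bytes) -> str:
    """A genuine client recomputes the inner hash from the typed password."""
    return response_from_stored(stored_md5(user, password), salt)


def server_verify(stored: str, salt: bytes, response: str) -> bool:
    """Server side: recompute from the stored value and compare in constant time."""
    return hmac.compare_digest(response_from_stored(stored, salt), response)


def hash_is_password_equivalent(user: str, password: str) -> bool:
    """Check the post's claim: a response derived from the stored value alone
    (no password) is accepted. True means the stored hash is a credential."""
    stored = stored_md5(user, password)
    salt = server_salt()
    return server_verify(stored, salt, response_from_stored(stored, salt))


if __name__ == "__main__":
    # Constructed sample credentials for the demonstration.
    print("stored value is password-equivalent:",
          hash_is_password_equivalent("alice", "correct horse"))
```

The defender's takeaway is the same as the post's: the md5 scheme protects the password on the wire, not the stored value, so file permissions on the password store matter as much as with 'crypt' (later PostgreSQL releases added scram-sha-256 to address this).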