Re: So we're in agreement....

On Sun, 7 May 2000, Tom Lane wrote:

> Vince Vielhaber <vev@michvhf.com> writes:
> >>>> My intent was not to send the username, but let the server figure it 
> >>>> out by the response.
> >> 
> >> That would be a neat trick.  How will you do it?  MD5 is not reversible.
> 
> > CLIENT: md5(salt_from_server + md5(username + md5(password)))
> 
> > SERVER: md5(salt_from_server + md5(username + stored_password))
> 
> > The server runs thru all available usernames using the above algorithm.
> 
> No, that doesn't work unless stored passwords contain no random salt
> at all (you could use the username alone, but as I previously said
> that's no substitute for random salt, and of dubious value anyway).
> That'd be a distinct *loss* in security, not an improvement.
> 
> To have salt in the stored passwords, the server must receive the
> username first so that it can look up the pg_shadow entry and find
> which stored salt to send to the client (along with the randomly
> generated per-transaction salt).  You could cloak the username as
> I suggested before, but there have to be two messages.

You're right, it wouldn't work.  It should've been like this:

CLIENT: md5(salt_from_server + md5(username + password)))

SERVER: md5(salt_from_server + stored_password) 

The "salt_from_server" is your random salt.  The fixed salt is the
username.

Vince.
-- 
==========================================================================
Vince Vielhaber -- KA8CSH    email: vev@michvhf.com    http://www.pop4.net128K ISDN from $22.00/mo - 56K Dialup from
$16.00/moat Pop4 Networking       Online Campground Directory    http://www.camping-usa.com      Online Giftshop
Superstore   http://www.cloudninegifts.com
 
==========================================================================