Re: A stab at implementing better password hashing, with mixed results - Mailing list pgsql-hackers

From Claudio Freire
Subject Re: A stab at implementing better password hashing, with mixed results
Msg-id CAGTBQpbRgrRctMD7Q-UeTcchGp7JeL10r8hT8rErj3EYnrXvng@mail.gmail.com
In response to A stab at implementing better password hashing, with mixed results  (Peter Bex <Peter.Bex@xs4all.nl>)
Responses Re: A stab at implementing better password hashing, with mixed results
List pgsql-hackers
On Thu, Dec 27, 2012 at 11:46 AM, Peter Bex <Peter.Bex@xs4all.nl> wrote:
>
> Implementing a more secure challenge-response based algorithm means
> a change in the client-server protocol.  Perhaps something like SCRAM
> (maybe through SASL) really is the way forward for this, but that
> seems like quite a project and it seems to dictate how the passwords are
> stored; it requires a hash of the PBKDF2 algorithm to be stored.

It would be nonsense to do it in any other way... protecting the
password store and not the exchange would just shift the weak spot.
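
Added illustration, not part of the thread or of PostgreSQL's code: a sketch of how SCRAM ties the stored verifier to the exchange, following the RFC 5802 key derivation with SHA-256. The user name, nonces, salt and password are constructed sample values, SASLprep normalization is omitted, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac

def _hmac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _client_key(password, salt, iterations):
    # SaltedPassword := PBKDF2-HMAC-SHA256(password, salt, i)
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return _hmac(salted, b"Client Key"), salted

def make_verifier(password, salt, iterations=4096):
    """Server-side record: no password, no SaltedPassword, no ClientKey."""
    client_key, salted = _client_key(password, salt, iterations)
    return {"salt": salt, "iterations": iterations,
            "stored_key": hashlib.sha256(client_key).digest(),
            "server_key": _hmac(salted, b"Server Key")}

def auth_message(user, client_nonce, server_nonce, verifier):
    # client-first-bare , server-first , client-final-without-proof
    nonce = client_nonce + server_nonce
    salt_b64 = base64.b64encode(verifier["salt"]).decode()
    return (f"n={user},r={client_nonce},"
            f"r={nonce},s={salt_b64},i={verifier['iterations']},"
            f"c=biws,r={nonce}").encode()

def client_proof(password, salt, iterations, auth_msg):
    # ClientProof := ClientKey XOR HMAC(StoredKey, AuthMessage)
    client_key, _ = _client_key(password, salt, iterations)
    signature = _hmac(hashlib.sha256(client_key).digest(), auth_msg)
    return _xor(client_key, signature)

def server_verify(verifier, auth_msg, proof):
    # Recover the candidate ClientKey and check H(ClientKey) == StoredKey.
    signature = _hmac(verifier["stored_key"], auth_msg)
    candidate = _xor(proof, signature)
    return hmac.compare_digest(hashlib.sha256(candidate).digest(),
                               verifier["stored_key"])

if __name__ == "__main__":
    v = make_verifier("constructed-password", bytes(range(16)))  # sample values
    msg = auth_message("alice", "cnonce", "snonce", v)
    proof = client_proof("constructed-password", v["salt"], v["iterations"], msg)
    print("accepted:", server_verify(v, msg, proof))
```

The proof is bound to both nonces through the auth message, so a captured proof does not verify in a later exchange, and the server record alone does not contain the value the client proves knowledge of.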


