Home > mailing lists

Re: So we're in agreement.... - Mailing list pgsql-hackers

From	Vince Vielhaber
Subject	Re: So we're in agreement....
Date	May 7, 2000 18:58:26
Msg-id	Pine.BSF.4.21.0005071852110.13987-100000@paprika.michvhf.com Whole thread Raw
In response to	Re: So we're in agreement.... (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: So we're in agreement....
List	pgsql-hackers

Tree view

On Sun, 7 May 2000, Tom Lane wrote:

> Using the username instead of an independent random value to salt the
> stored password is not a small change, it is a fundamental weakening of
> the security system.  

That's what I was doing, substituting the original random salt for the 
username.  

>                         If you don't see that this is so then you don't
> understand anything about cryptography.

Was this smartass comment really necessary, Tom?

Vince.
-- 
==========================================================================
Vince Vielhaber -- KA8CSH    email: vev@michvhf.com    http://www.pop4.net128K ISDN from $22.00/mo - 56K Dialup from
$16.00/moat Pop4 Networking       Online Campground Directory    http://www.camping-usa.com      Online Giftshop
Superstore   http://www.cloudninegifts.com
 
==========================================================================

pgsql-hackers by date:

From: Tom Lane
Date: 07 May 2000, 18:06:26
Subject: Re: CREATE DATABASE WITH OWNER '??';

From: Tom Lane
Date: 07 May 2000, 19:00:24
Subject: Re: So we're in agreement....

Re: So we're in agreement.... - Mailing list pgsql-hackers

Previous

Next