I read that the password hash in pg_shadow is salted with username. Is
this still the case? If so, since probably 99% of all PostgreSQL has
"postgres" as the superuser name, wouldn't it be better to use standard
Unix/Apache MD5 hash instead?
--
dave
---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmailAddressHere" to ma*******@postgresql.org)
David Garamond <li***@zara.6.isreserved.com> writes:
> I read that the password hash in pg_shadow is salted with username. Is
> this still the case? If so, since probably 99% of all PostgreSQL has
> "postgres" as the superuser name, wouldn't it be better to use standard
> Unix/Apache MD5 hash instead?
How does that improve anything? If we add a random salt into it, we'd
have to store the salt in pg_shadow, so there wouldn't be any secrecy
added --- an attacker who can read pg_shadow could see the salt too.
(Actually, an attacker who can read pg_shadow is already superuser,
so it's not clear there's anything left to hide from him anyway.)
regards, tom lane
Tom Lane wrote:
>> I read that the password hash in pg_shadow is salted with username. Is
>> this still the case? If so, since probably 99% of all PostgreSQL has
>> "postgres" as the superuser name, wouldn't it be better to use standard
>> Unix/Apache MD5 hash instead?
> How does that improve anything? If we add a random salt into it, we'd
> have to store the salt in pg_shadow, so there wouldn't be any secrecy
> added --- an attacker who can read pg_shadow could see the salt too.
Consider someone who creates a long list of:
MD5( "postgres" + "aaaaaaaa" )
MD5( "postgres" + "aaaaaaab" )
MD5( "postgres" + "aaaaaaac" )
...
Now if he has access to other people's pg_shadow, he can compare the
hashes with his dictionary. Replacing "postgres" with a random salt
defeats this dictionary attack (and thus he will have to resort to brute
force).
> (Actually, an attacker who can read pg_shadow is already superuser,
> so it's not clear there's anything left to hide from him anyway.)
But consider someone who finds a hard disk or tape containing a database
backup... he can then gain access to the real, online database.
--
dave
David Garamond wrote:
> Consider someone who creates a long list of:
> MD5( "postgres" + "aaaaaaaa" )
> MD5( "postgres" + "aaaaaaab" )
> MD5( "postgres" + "aaaaaaac" )
> ...
> Now if he has access to other people's pg_shadow, he can compare the
> hashes with his dictionary. Replacing "postgres" with a random salt
> defeats this dictionary attack (and thus he will have to resort to brute
> force).
But surely you have to store the random salt in pg_shadow too? Or am I
missing something?
--
Richard Huxton
Archonet Ltd
Richard Huxton <de*@archonet.com> writes:
> David Garamond wrote:
>> Consider someone who creates a long list of:
>> MD5( "postgres" + "aaaaaaaa" )
>> MD5( "postgres" + "aaaaaaab" )
>> MD5( "postgres" + "aaaaaaac" )
> But surely you have to store the random salt in pg_shadow too? Or am I
> missing something?
I think David is suggesting that the hypothetical attacker could gain
economies of scale in multiple attacks (ie, if he'd been able to steal
the contents of multiple installations' pg_shadow, he'd only need to
generate his long list of precalculated hashes once). I think this is
too far-fetched to justify an authentication protocol change though.
Also, MD5 hashing is fast enough that I'm not sure the above is really
significantly cheaper than a straight brute-force attack, ie, you just
take your list of possible passwords and compute the hashes on the fly.
The hashes are going to be much longer than the average real-world
password, so reading in a list of hashes is going to take several times
as much I/O as reading the passwords --- seems to me that it'd be
cheaper just to re-hash each password.
regards, tom lane
Tom Lane wrote:
> I think David is suggesting that the hypothetical attacker could gain
> economies of scale in multiple attacks (ie, if he'd been able to steal
> the contents of multiple installations' pg_shadow, he'd only need to
> generate his long list of precalculated hashes once). I think this is
> too far-fetched to justify an authentication protocol change though.
> Also, MD5 hashing is fast enough that I'm not sure the above is really
> significantly cheaper than a straight brute-force attack, ie, you just
> take your list of possible passwords and compute the hashes on the fly.
> The hashes are going to be much longer than the average real-world
> password, so reading in a list of hashes is going to take several times
> as much I/O as reading the passwords --- seems to me that it'd be
> cheaper just to re-hash each password.
Many people use short and easy-to-guess passwords (remember we're not
talking about the superuser only here), so the dictionary attack can be
more effective than people think. And considering many people use the
same password for several things, Postgres could become one of the easy
sources to get/guess people's plaintext passwords from hacked machines.
At least Apache and Unix have been random-salting passwords for a while now.
However, I realize this will break the current MD5 hash, probably too
painful to do at the moment. Perhaps for the future, non-MD5 hash...
--
dave
David Garamond <li***@zara.6.isreserved.com> writes:
> Tom Lane wrote:
>> Also, MD5 hashing is fast enough that I'm not sure the above is really
>> significantly cheaper than a straight brute-force attack, ie, you just
>> take your list of possible passwords and compute the hashes on the fly.
>> The hashes are going to be much longer than the average real-world
>> password, so reading in a list of hashes is going to take several times
>> as much I/O as reading the passwords --- seems to me that it'd be
>> cheaper just to re-hash each password.
> Many people use short and easy-to-guess passwords (remember we're not
> talking about the superuser only here), so the dictionary attack can be
> more effective than people think.
And that responds to the speed argument how? I quite agree that a
guessable password is risky, but putting in a random salt offers no
real advantage if the salt has to be stored in the same place as the
encrypted password.
regards, tom lane
On Tue, Sep 07, 2004 at 03:09:28PM -0400, Tom Lane wrote:
> David Garamond <li***@zara.6.isreserved.com> writes:
>> Tom Lane wrote:
>>> Also, MD5 hashing is fast enough that I'm not sure the above is really
>>> significantly cheaper than a straight brute-force attack, ie, you just
>>> take your list of possible passwords and compute the hashes on the fly.
>>> The hashes are going to be much longer than the average real-world
>>> password, so reading in a list of hashes is going to take several times
>>> as much I/O as reading the passwords --- seems to me that it'd be
>>> cheaper just to re-hash each password.
>> Many people use short and easy-to-guess passwords (remember we're not
>> talking about the superuser only here), so the dictionary attack can be
>> more effective than people think.
> And that responds to the speed argument how? I quite agree that a
> guessable password is risky, but putting in a random salt offers no
> real advantage if the salt has to be stored in the same place as the
> encrypted password.
The usual attack against hashed passwords is to use a dictionary
driven password generator to create a large number of passwords, find
the hash of each of those, then store the passwords on disk indexed by
the hash.
That's a one-time effort that can then be used in the future to crack
any number of password hashes extremely cheaply - given any hash you
can find the corresponding password, if you have one, with one index
lookup.
A random salt stored with the hashed password increases the storage
and precomputation time required by the size of the salt (so a 16 bit
salt would increase the storage and precomputation time needed by
a factor of 65536). That increase makes the pre-computed dictionary
attack pretty much infeasible.
Cheers,
Steve
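The exchange above compares two storage schemes: David's precomputed list of MD5("postgres" + candidate), which one attacker builds once and reuses against every stolen pg_shadow, and Steve's per-user random salt, which multiplies the size of such a table by 2^(salt bits). Here is an added example in Python (not code from the thread, from PostgreSQL, or from any of the posters) that models both. It uses the storage format PostgreSQL documents for its MD5 password type, the string `md5` followed by hex(md5(password || role name)), so the role name is concatenated after the password rather than before it as written in the post. The per-user salted scheme and its `$salthex$digest` encoding are assumptions made for the illustration, not a real format, and the wordlist and the "stolen" rows are constructed here.

```python
import hashlib
import secrets

# PostgreSQL MD5 password type: "md5" + hex(md5(password || rolename)).
# The role name is the only "salt", and it is "postgres" on most installs.
def pg_md5_hash(password: str, rolename: str) -> str:
    return "md5" + hashlib.md5((password + rolename).encode()).hexdigest()

# Hypothetical per-user random salt stored next to the digest. The
# "$salthex$digest" layout is an assumption for this example only.
def salted_md5_hash(password: str, salt: bytes) -> str:
    digest = hashlib.md5(salt + password.encode()).hexdigest()
    return f"${salt.hex()}${digest}"

def build_table(wordlist, rolename):
    """One-time precomputation (David's 'long list'): hash -> password."""
    return {pg_md5_hash(pw, rolename): pw for pw in wordlist}

def crack_with_table(table, stolen_rows):
    """One dict lookup per stolen row; no hashing at attack time."""
    return {user: table.get(stored) for user, stored in stolen_rows}

def crack_salted_by_rehashing(wordlist, stolen_rows):
    """With a salt per row there is no shared table: every row costs a full
    pass over the wordlist (Tom's 'hash on the fly', paid once per target)."""
    found = {}
    for user, stored in stolen_rows:
        _, salt_hex, _digest = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        found[user] = next(
            (pw for pw in wordlist if salted_md5_hash(pw, salt) == stored), None
        )
    return found

def precompute_cost(n_words, salt_bits):
    """Table entries needed to cover every salt value up front
    (Steve's factor: 16 salt bits -> 65536 times the work and storage)."""
    return n_words * 2 ** salt_bits

# Constructed wordlist of weak candidates.
WORDLIST = ["password", "postgres", "secret", "letmein", "hunter2", "qwerty"]

# Constructed sample: 'postgres' rows taken from three unrelated installs.
STOLEN_PG = [
    ("install-A", pg_md5_hash("letmein", "postgres")),
    ("install-B", pg_md5_hash("hunter2", "postgres")),
    ("install-C", pg_md5_hash("not-in-wordlist-9f3", "postgres")),
]

def demo_fixed_salt():
    """Fixed role-name salt: one table cracks rows from every install."""
    table = build_table(WORDLIST, "postgres")   # built once, reused
    return crack_with_table(table, STOLEN_PG)

def demo_random_salt():
    """Random salt: the precomputed table finds nothing; the attacker must
    redo the wordlist for each row, which still succeeds against weak
    passwords but no longer transfers between installs."""
    rows = [
        ("install-A", salted_md5_hash("letmein", secrets.token_bytes(2))),
        ("install-B", salted_md5_hash("hunter2", secrets.token_bytes(2))),
    ]
    table = build_table(WORDLIST, "postgres")
    return crack_with_table(table, rows), crack_salted_by_rehashing(WORDLIST, rows)

if __name__ == "__main__":
    print(demo_fixed_salt())
    print(demo_random_salt())
    print(precompute_cost(len(WORDLIST), 16))
```

The model makes both sides' points concrete: the salt does not need to be secret to break the reuse of one table across installations, but it also does nothing against a weak password once the attacker is willing to run the wordlist per row, which is Tom's objection. PostgreSQL later added exactly the kind of scheme Tom asked for in a different form: SCRAM-SHA-256 (PostgreSQL 10 onwards) stores a per-role random salt and an iterated hash, so neither the role name nor a shared table helps an attacker holding a backup.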
Tom Lane wrote:
>> Many people use short and easy-to-guess passwords (remember we're not
>> talking about the superuser only here), so the dictionary attack can be
>> more effective than people think.
> And that responds to the speed argument how? I quite agree that a
> guessable password is risky, but putting in a random salt offers no
> real advantage if the salt has to be stored in the same place as the
> encrypted password.
Hm, I thought the purpose of salt is generally well understood? A
well-known string such as "postgres" is *not* a good salt at all.
Here's a couple of pages that hopefully can explain better: http://en.wikipedia.org/wiki/Dictionary_attack http://en.wikipedia.org/wiki/Salt_(cryptography)
--
dave
Steve Atkins <st***@blighty.com> writes:
> A random salt stored with the hashed password increases the storage
> and precomputation time required by the size of the salt (so a 16 bit
> salt would increase the storage and precomputation time needed by
> a factor of 65536). That increase makes the pre-computed dictionary
> attack pretty much infeasible.
[ raised eyebrow... ] It is not immediately obvious that a factor of
2^16 makes the difference between feasible and infeasible. As
counterexamples, if it would otherwise take you one microsecond to break
the password, 64 milliseconds isn't going to scare you; if it would
otherwise take you a century to break the password, raising it to
64k centuries isn't going to make for a very meaningful improvement in
security either.
Show me a scheme where the random salt isn't stored right beside the
password, and I might start to get interested.
regards, tom lane