
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords



* Mike Fratto (mfratto@xxxxxxx) wrote:
> Since the salt is known, it has no effect on the "keyspace" because you
> don't have to guess it.  If there was no salt, then pre-computing a
> dictionary is a much smaller task. 

That's the whole point of the discussion- the way Postgres's pg_shadow
stuff works the salt is known and *because* of that it might as well not
exist since it means that you can pre-compute the keyspace.  Knowing the
salt means you can pre-compute the keyspace ahead of time.  If you don't
know the salt until you've gained access then you'll have to wait till
then to begin computing the keyspace.

I suppose technically you could start pre-computing the keyspace before
then, but then it's a much larger keyspace which makes it much more
difficult.

        Stephen

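The known-salt point above, as an added example that is not part of the original message: PostgreSQL's md5 format derives the stored value from the password and the role name (a detail of PostgreSQL's documented format, not stated in this message), so a lookup table for a predictable role name can be built before any access. The wordlist, role names and the random-salt scheme are constructed for illustration.

```python
import hashlib
import os

def pg_md5_verifier(password: str, role: str) -> str:
    """PostgreSQL md5 format: 'md5' + hex(md5(password || role name))."""
    return "md5" + hashlib.md5((password + role).encode()).hexdigest()

def random_salt_verifier(password: str, salt: bytes) -> str:
    """Hypothetical contrast scheme: the salt is random and stored beside the hash."""
    return "md5" + hashlib.md5(salt + password.encode()).hexdigest()

def precompute(candidates, role):
    """Build verifier -> password for one role name, with no server access."""
    return {pg_md5_verifier(p, role): p for p in candidates}

# Constructed sample data, not taken from any real system.
WORDLIST = ["secret", "password", "letmein"]
# The salt is the role name, so this table exists before pg_shadow is ever read.
TABLE = precompute(WORDLIST, "postgres")

def lookup(stored: str):
    """Return the weak password behind a stored verifier, or None if not in the table."""
    return TABLE.get(stored)

if __name__ == "__main__":
    # Known salt: the prebuilt table answers immediately.
    print("postgres:", lookup(pg_md5_verifier("letmein", "postgres")))
    # A different role name is a different salt, so this table does not apply,
    # but role names are guessable and a table per name can be built the same way.
    print("alice:", lookup(pg_md5_verifier("letmein", "alice")))
    # Random salt: unknown until the stored value is read, so no table can
    # be prepared in advance and the work starts only after access.
    print("random salt:", lookup(random_salt_verifier("letmein", os.urandom(16))))
```
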