Network Security: Detailed info on Re: [HACKERS] Postgres: pg_hba.conf, md5, pg

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Bugtraq

[Top] [All Lists]

Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords

from [Joshua D. Drake] Network Security

[Permanent Link]

Subject:	Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
Date:	Thu, 21 Apr 2005 09:50:31 -0700

Simply put, MD5 is no longer strong enough for protecting secrets. It's
just too easy to brute-force. SHA1 is ok for now, but it's days are
numbered as well. I think it would be good to alter SHA1 (or something
stronger) as an alternative to MD5, and I see no reason not to use a
random salt instead of username.

If you aren't paying close enough attention to your database server to see that someone is trying to brute force your MD5 password you have bigger problems.

Sincerely,

Joshua D. Drake

--
Your PostgreSQL solutions company - Command Prompt, Inc. 1.800.492.2240
PostgreSQL Replication, Consulting, Custom Programming, 24x7 support
Managed Services, Shared and Dedication Hosting
Co-Authors: plPHP, plPerlNG - http://www.commandprompt.com/

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, (continued) Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Bruce Momjian Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Tom Lane Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, David F. Skoll Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Jim C. Nasby Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Stephen Frost Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Bruno Wolff III Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Stephen Frost Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Antoine Martin Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted, Stephen Frost Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted, Antoine Martin Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Joshua D. Drake <= Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Stephen Frost Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Lance James Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Tino Wildenhain Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted, Rod Taylor Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted, Tino Wildenhain Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted, Michael Samuel Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Jim Knoble RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Mike Fratto Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Stephen Frost RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Mike Fratto

Previous by Date:	Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Josh Berkus
Next by Date:	Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Tino Wildenhain
Previous by Thread:	Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted, Antoine Martin
Next by Thread:	Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Stephen Frost
Indexes:	[Date] [Thread] [Top] [All Lists]