Participants
Noname
Noname
Bruce Momjian
Bruce Momjian
Attachments
Show all attachments
Thread Outline
#1NonameNoname
Aug 25, 2016
#2Bruce MomjianBruce Momjianto Noname (#1)
Aug 25, 2016

does md5 really help against sniffing?

Started by Nonameover 9 years ago2 messagesdocs
Jump to latest
#1Noname
Noname
jens.timmerman@gmail.com

The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/9.1/static/auth-methods.html
Description:

this page claims
'If you are at all concerned about password "sniffing" attacks then md5 is
preferred. '
but how does this really help? If an md5 hash is enough to get access, then
sniffing an md5has is actually the same as sniffing the password?'

--
Sent via pgsql-docs mailing list (pgsql-docs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-docs

#2Bruce Momjian
Bruce Momjian
bruce@momjian.us
In reply to: Noname (#1)
Re: does md5 really help against sniffing?

On Thu, Aug 25, 2016 at 03:35:17PM +0000, jens.timmerman@gmail.com wrote:

The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/9.1/static/auth-methods.html
Description:

this page claims
'If you are at all concerned about password "sniffing" attacks then md5 is
preferred. '
but how does this really help? If an md5 hash is enough to get access, then
sniffing an md5has is actually the same as sniffing the password?'

There is random salt added to the network md5 hash. Please read the
docs on this.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+                     Ancient Roman grave inscription +

--
Sent via pgsql-docs mailing list (pgsql-docs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-docs

← Back to Topics