| From: | Andre Majorel <aym-2lqsgp(at)teaser(dot)fr> |
|---|---|
| To: | pgsql-docs(at)postgresql(dot)org |
| Subject: | MD5 passwords |
| Date: | 2010-07-08 10:46:22 |
| Message-ID: | 20100708104622.GA2132@aym.net2.nerim.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs |
The doc says « if you are at all concerned about password
"sniffing" attacks then md5 is preferred. » but does not say why.
It would seem that an MD5 hash can be sniffed and replayed just as
well as a clear-text password.
Maybe the doc needs to explain why "md5" is more secure than
"password". Or, if it isn't, say so.
--
André Majorel http://www.teaser.fr/~amajorel/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thom Brown | 2010-07-08 13:05:07 | Re: MD5 passwords |
| Previous Message | Satoshi Nagayasu | 2010-07-08 09:50:51 | Re: ECPG Documentation Improvement |