On Thu, 2004-08-19 at 08:30, Daniel Martini wrote: > Hello list, > > Citing Alvaro Herrera <[EMAIL PROTECTED]>: > > The problem here is that the password can't be stored one-way-hash > > digested, because the cleartext version is needed to be sent to the > > server. > > Actually why this is so has been a question for me for some time now, too. > Did just nobody have the time / idea to implement support for sending > hashed passwords to the server, or are there serious difficulties involved > with this, and I don't see them?
As far as I am aware, crypt and md5 passwords are not sent in cleartext form. password passwords (?!) are sent clear, but their use is deprecated. I think the password can't be stored hash-digested because it has to be encrypted with a salt established at runtime. If you could just send the same hash-digested password over and over, it would be no more secure than a plaintext one. Oliver Elphick ---------------------------(end of broadcast)--------------------------- TIP 8: explain analyze is your friend
