| From: | Doug McNaught <doug(at)wireboard(dot)com> |
|---|---|
| To: | Lincoln Yeoh <lyeoh(at)pop(dot)jaring(dot)my> |
| Cc: | Jim Mercer <jim(at)reptiles(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Vince Vielhaber <vev(at)michvhf(dot)com>, Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Re: Re: Encrypting pg_shadow passwords |
| Date: | 2001-06-17 15:46:05 |
| Message-ID: | m3d783gldu.fsf@belphigor.mcnaught.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Lincoln Yeoh <lyeoh(at)pop(dot)jaring(dot)my> writes:
> My point is if you really need encryption, then your data should be
> encrypted too, otherwise it seems a waste of time or more a "feel
> good" thing.
I would disagree. I think there is a level of security where it's not
a catastrophe if someone sniffs and reconstructs your traffic, but
it's fairly important that such a person not be able to authenticate
as you. Most of my personal email (and, I assert, most people's)
falls into this category. Encrypted challenge/response addresses this
need quite well.
Naturally, if you're working at a level where intercepted traffic *is*
catastrophic, you should be doing end-to-end encryption and all that
good stuff.
-Doug
--
The rain man gave me two cures; he said jump right in,
The first was Texas medicine--the second was just railroad gin,
And like a fool I mixed them, and it strangled up my mind,
Now people just get uglier, and I got no sense of time... --Dylan
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2001-06-17 20:47:05 | Call for alpha testing: planner statistics revisions |
| Previous Message | Jim Mercer | 2001-06-17 15:28:16 | Re: Re: Re: Encrypting pg_shadow passwords |