From: Jim S. <ja...@ne...> - 2004-08-23 11:25:44
|
Alex Peshkov wrote: > > Implementation seems to be as following. We add ~/crypt directory to > installation, and make CryptPlugin load library, which name may be > defined in firebird.conf, from that directory. Old algorithm is > statically linked to engine (like now), it's used for first phase of > building password hash in both client and server and may be on server > for old users, who still have not changed passwords. > Please, don't. The existing "security" is, er, weak. The fundamental concept of using a fixed key to encrypt a password on the wire is brain dead -- if someone is listening, saving the password encryption is just as good as saving the a password passed in clear. Changing the algorithm doesn't make it any better. The only way to safely pass a password is to use public key encryption, which requires a protocol change. Security isn't something that you can fix with little patches -- it needs a solid, well understood foundation. If I understand your proposed change correctly, you aren't making the product any more secure, just adding more ways for it to break backwards compatibility when security is implemented correctly. So, please don't add a hack. Think long and hard, then do it right. |