Re: [Firebird-devel] crypt plugins

[Alex P. <pe...@in...>]

Hi, Edward !

> It doesn't matter if you encrypt passwords with crypt,MD5, or SHA.  
> The problem here isn't the fact that these things are weekly 
> encrypted.  The problem is the fact that users (not just the server) 
> can view all the encrypted hashes.  This makes brute forcing anybody's 
> insecure password, achievable in a VERY finite amount of time.  Please 
> consider changing the method of authentication to something along the 
> lines of SRP (http://srp.stanford.edu) or SASL 
> (http://www.ietf.org/rfc/rfc2222.txt) for modular authentication.  And 
> then make the users database unreadable to clients.

I shouldn't discuss the problem, can SHA be brutforced or not. Even if 
can't be now, who knows what will happen in a few years.
What about making security database unreadable...
I think that if my approach will be accepted for v.2.0, it will not be 
too hard to make it unreadable for _remote_ connections to any server,  
and for all connections to servers other than posix CS. I don't have in 
mind here cases like win9x and shared disk with fb installation:-), I 
mean 'it need not be readable for normal operation of correctly 
installed firebird'.  But for local (embedded) connection on posix 
firebird is used as shared library, linked to user's process, which 
(user process) must be able to read security database to do 
authentication. Certainly, it's possible to think about some tricks 
here, but may be it's better to think about PAM authentication?
Alex.

BTW. If you write crypt plugin, using mentioned wonderful things like 
SRP or SASL, this will be nice.