On Thu, Aug 25, 2016 at 03:35:17PM +0000, jens.timmer...@gmail.com wrote: > The following documentation comment has been logged on the website: > > Page: https://www.postgresql.org/docs/9.1/static/auth-methods.html > Description: > > this page claims > 'If you are at all concerned about password "sniffing" attacks > then md5 is > preferred. ' > but how does this really help? If an md5 hash is enough to get access, then > sniffing an md5has is actually the same as sniffing the password?'
There is random salt added to the network md5 hash. Please read the docs on this. -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription + -- Sent via pgsql-docs mailing list (pgsql-docs@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-docs
