On Thu, Aug 25, 2016 at 03:35:17PM +0000, [email protected] wrote: > The following documentation comment has been logged on the website: > > Page: https://www.postgresql.org/docs/9.1/static/auth-methods.html > Description: > > this page claims > 'If you are at all concerned about password "sniffing" attacks > then md5 is > preferred. ' > but how does this really help? If an md5 hash is enough to get access, then > sniffing an md5has is actually the same as sniffing the password?'
There is random salt added to the network md5 hash. Please read the docs on this. -- Bruce Momjian <[email protected]> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription + -- Sent via pgsql-docs mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-docs
