Date: Wed, 18 Oct 2006 05:05:45 +0930
From: Shane Ambler
To: Jorge Godoy
CC: Jeff Davis, DEV, pgsql-general@postgresql.org
Subject: Re: Database users Passwords

Jorge Godoy wrote:
> Shane Ambler writes:
>
>> What Dev would want to look for (probably create) is a small script that will
>> read his list of crypt passwords and un-crypt them into a create role string
>> that is fed to psql.
>
> Except that the hash used is unidirectional, i.e., there's no way to decrypt
> it besides a brute force attack or something like that.
>
> If he's got, e.g., 10 users with strong passwords this kind of thing can take
> some weeks.
>

crypt may be a custom function (or what Dev calls something else altogether) which is one way and complex - that info wasn't given.

The only crypt I know of is the crypt command (FreeBSD has it at /usr/bin/crypt) and is also known as enigma. This is a two way encryption and is fast. If that is what he is using then decrypting will not be part of the time issue and is the basis of the advice I gave.

According to time - decrypting a 3K file takes about .002 seconds.

If a strong one way encryption has been used then he is out of luck and will need the users to re-enter their passwords after the accounts are created with another password of some sort. Which is also another option for him even if he can decrypt what is currently stored.

--
Shane Ambler
Postgres@007Marketing.com

Get Sheeky @ http://Sheeky.Biz
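
The fallback described in the message above (create the accounts with another password, then have users re-enter their own) can be scripted as follows. This is an added example, not part of the original message; the function names, the sample role names and the seven-day expiry are assumptions made for illustration.

```python
import secrets
import string
from datetime import datetime, timedelta, timezone

# Temporary passwords use only letters and digits, so they never need
# escaping inside a single-quoted SQL literal.
ALPHABET = string.ascii_letters + string.digits


def quote_ident(name):
    """Quote a PostgreSQL identifier; embedded double quotes are doubled."""
    if not name or "\x00" in name:
        raise ValueError("invalid role name: %r" % (name,))
    return '"' + name.replace('"', '""') + '"'


def temp_password(length=20):
    """Random one-off password drawn from a CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def create_role_sql(name, password, expires):
    """One CREATE ROLE statement whose password stops working at `expires`."""
    if not password or not set(password) <= set(ALPHABET):
        raise ValueError("temporary password must be alphanumeric")
    stamp = expires.strftime("%Y-%m-%d %H:%M:%S+00")
    return "CREATE ROLE %s LOGIN PASSWORD '%s' VALID UNTIL '%s';" % (
        quote_ident(name), password, stamp)


def migration_script(names, days_valid=7, now=None):
    """Return ({role: temp password}, SQL text to feed to psql)."""
    now = now or datetime.now(timezone.utc)
    expires = now + timedelta(days=days_valid)
    creds, lines = {}, []
    for name in names:
        if name in creds:
            raise ValueError("duplicate role name: %r" % (name,))
        creds[name] = temp_password()
        lines.append(create_role_sql(name, creds[name], expires))
    return creds, "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample role names, not taken from the thread.
    creds, sql = migration_script(["alice", 'o"brien'])
    print(sql)
```

The generated SQL contains the temporary passwords in cleartext, so keep the file and any statement logging of it restricted, and hand each password to its user over a separate channel.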