----- Original Message -----
From: "Brad Pepers" <brad@...>
To: <firebird-support@yahoogroups.com>; "Jiri Hoffmayer" <parsys@...>
Sent: Tuesday, January 06, 2004 9:31 PM
Subject: Re: [firebird-support] Database Security
> On January 6, 2004 03:04 am, Jiri Hoffmayer wrote:
> > I actually wonder why the login password is stil only 8 chars. Why not
> > extend the significant chars of a password to let's say 64? This would
> > prevent DB access when someone gets the 'security.fdb' file (or the
> > appropriate IB file). AFAIK the 8 pwd chars may be cracked through a
brute
> > force approach, which is quite easy to do :-(((
>
> Firebird uses the crypt() function for the password and crypt only uses 8
> characters so it can't easily be fixed without recoding how passwords
work.
> Note though that crypt() is now considered to be pretty weak and can be
> broken by brute force attacks so replacing it would be a good idea.
>
Another idea is to use MD5 or SHA algorithm to encode password which in this
situation could be very,very long as only short digest would be stored (or
digest crypted with old crypt() function would be even better)
This shouldn't be a problem for any programmer (not mention perfect ones
from Firebird developer group ;-) ) to include MD5 algorithm to FB1.5 final
.
Please,Firebird developers - take attention to this proposition and give us
an contrary drawbacks if exists.