Skip site navigation (1) Skip section navigation (2)

Re: Rejecting weak passwords

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Marko Kreen <markokr(at)gmail(dot)com>
Cc: Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>, Andrew Dunstan <andrew(at)dunslane(dot)net>, mlortiz <mlortiz(at)uci(dot)cu>, Magnus Hagander <magnus(at)hagander(dot)net>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Rejecting weak passwords
Date: 2009-09-28 18:37:11
Message-ID: 12339.1254163031@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackers
Marko Kreen <markokr(at)gmail(dot)com> writes:
> So promoting the ENCRYPTED 'foo' as "secure" may lure users into
> false sense of security, and be lax against sniffing and logfile
> protection.

This argument is entirely irrelevant to the point.  Yes, ENCRYPTED
doesn't fix everything, but it is still good practice to use it
and most well-written tools will.  So having a weak-password detector
that can only work on non-encrypted passwords is going to not be
very helpful.

> IOW, having plaintext password in CREATE/ALTER time which can
> then checked for weaknesses is better that MD5 password, which
> actually does not increase security.

This is not acceptable and will not happen.  The case that ENCRYPTED
protects against is database superusers finding out other users'
original passwords, which is a security issue to the extent that those
users have used the same/similar passwords for other systems.
We're not going to give up protection for that in order to provide
an option to do weak-password checking in a place that simply isn't
the best place to do it anyway.

			regards, tom lane

In response to

Responses

pgsql-hackers by date

Next:From: Robert HaasDate: 2009-09-28 18:40:15
Subject: Re: Rejecting weak passwords
Previous:From: Robert HaasDate: 2009-09-28 18:32:21
Subject: Re: syslog_line_prefix

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group