| From: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
|---|---|
| To: | Bruce Momjian <bruce(at)momjian(dot)us>,Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com>,Robert Haas <robertmhaas(at)gmail(dot)com>,Andres Freund <andres(at)anarazel(dot)de>,Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>,David Steele <david(at)pgmasters(dot)net>,Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>,David Fetter <david(at)fetter(dot)org>,Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>,Julian Markwort <julian(dot)markwort(at)uni-muenster(dot)de>,Stephen Frost <sfrost(at)snowman(dot)net>,PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>,Valery Popov <v(dot)popov(at)postgrespro(dot)ru> |
| Subject: | Re: pg_authid.rolpassword format (was Re: Password identifiers, protocol aging and SCRAM protocol) |
| Date: | 2016-12-14 19:34:55 |
| Message-ID: | 1D2394E9-B6F3-4EBB-B1CE-F84FCE49AEAE@iki.fi |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 14 December 2016 20:12:05 EET, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
>On Wed, Dec 14, 2016 at 11:27:15AM +0100, Magnus Hagander wrote:
>> I would so like to just drop support for plain passwords completely
>:) But
>> there's a backwards compatibility issue to think about of course.
>>
>> But -- is there any actual usecase for them anymore?
>
>I thought we recommended 'password' for SSL connections because if you
>use MD5 passwords the password text layout is known and that simplifies
>cryptanalysis.
No, that makes no sense. And whether you use 'password' or 'md5' authentication is a different question than whether you store passwords in plaintext or as md5 hashes. Magnus was asking whether it ever makes sense to *store* passwords in plaintext.
Since you brought it up, there is a legitimate argument to be made that 'password' authentication is more secure than 'md5', when SSL is used. Namely, if an attacker can acquire contents of pg_authid e.g. by stealing a backup tape, with 'md5' authentication he can log in as any user, using just the stolen hashes. But with 'password', he needs to reverse the hash first. It's not a great difference, but it's something.
- Heikki
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2016-12-14 19:41:41 | Re: pg_authid.rolpassword format (was Re: Password identifiers, protocol aging and SCRAM protocol) |
| Previous Message | Peter Eisentraut | 2016-12-14 19:30:14 | Re: background sessions |