Re: Re: Encrypting pg_shadow passwords

From: michael(at)miknet(dot)net (Michael Samuel)
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Re: Encrypting pg_shadow passwords
Date: 2001-07-11 09:02:22
Message-ID: 20010711190222.A31964@miknet.net
Lists: pgsql-hackers

On Tue, Jul 10, 2001 at 11:32:00PM -0400, Bruce Momjian wrote:
> > On Tue, Jun 26, 2001 at 11:02:15AM -0400, Bruce Momjian wrote:
> > > This is the first time I am hearing people are more concerned about
> > > pg_shadow security than the wire security. I can see cases where people
> > > are on secure networks or are using only local users where having
> > > pg_shadow encrypted is more important than crypt authentication.
> > > Fortunately the new system will solve both problems.
> >
> > The crypt authentication currently used offers _no_ security. If I can
> > sniff on the wire, I can hijack the tcp stream, and trick the client
> > into doing password authentication.
>
> It is my understanding that sniffing is much easier than hijacking. If
> hijacking is a concern, you have to use SSL.

That is not true. The internet happily allows for active attacks. In
fact, active attacks are easier on the internet than passive ones.

My concern is, that by having something that we proclaim to be secure, we
need for it to really be secure.

An HMAC would be a better alternative to the current crypt scheme, as
it would provide integrity, without the overhead of having privacy.

Of course, HMAC would require the postgres protocol to talk in "packets",
as it can't accept the data as being valid until it verifies the MAC. I'm
not familiar with the protocol yet.

I suggest these authentication options:

* password - The current meaning of password, but with passwords hashed
  using md5crypt() or something. (The usual crypt unnecessarily limits
  passwords to 8 characters)
* HMAC - Wrap all postgres data in an HMAC (I believe this requires a
  plaintext-like password on the server as does crypt and the double
  crypt scheme)
* Public Key (RSA/DSA) - Use public key cryptography to negotiate a
  connection. (When I'm not busy, I may decide to do this myself)

Also, I think we should add to the client API the ability to only accept
certain authentication schemes, to avoid active attacks tricking your
software into sending the HMAC password in cleartext.

--
Michael Samuel <michael(at)miknet(dot)net>
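
The client-side restriction suggested in the message above, as an added sketch that is not part of the original email or of PostgreSQL's code: the client refuses any authentication request outside its allowlist before a secret leaves the process. The method names, the request dictionary shape, and the use of HMAC-SHA256 over a server nonce are assumptions made for illustration.

```python
import hashlib
import hmac

# Hypothetical method names for this sketch; they are not PostgreSQL protocol codes.
CLEARTEXT, HMAC_CHALLENGE = "password", "hmac"


class AuthRefused(Exception):
    """The server asked for a method the client was told not to use."""


def respond(request, password, allowed):
    """Answer a server auth request, or refuse before any secret is sent."""
    method = request["method"]
    if method not in allowed:
        raise AuthRefused(f"server requested {method!r}, client allows {sorted(allowed)}")
    if method == CLEARTEXT:
        return password.encode()
    if method == HMAC_CHALLENGE:
        # Only a MAC over the server's nonce is sent; the password stays local.
        return hmac.new(password.encode(), request["nonce"], hashlib.sha256).digest()
    raise AuthRefused(f"unknown method {method!r}")


def server_verify(stored_password, nonce, response):
    """Server side: recompute the MAC from its plaintext-equivalent copy."""
    expected = hmac.new(stored_password.encode(), nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def demo():
    password = "s3cret-constructed"  # constructed sample value
    # Constructed fixed nonce so the run is reproducible; a server would use a random one.
    nonce = bytes.fromhex("00112233445566778899aabbccddeeff")
    strict = {HMAC_CHALLENGE}

    # Honest server: challenge-response succeeds.
    reply = respond({"method": HMAC_CHALLENGE, "nonce": nonce}, password, strict)
    ok = server_verify(password, nonce, reply)

    # A request rewritten in transit to ask for cleartext is refused by the allowlist.
    try:
        respond({"method": CLEARTEXT}, password, strict)
        leaked = True
    except AuthRefused:
        leaked = False
    return ok, leaked


if __name__ == "__main__":
    print(demo())
```

With an allowlist that also contains the cleartext method, the same rewritten request would return the password bytes, which is the downgrade the message warns about.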
