Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords

* Bruce Momjian (pgman(at)candle(dot)pha(dot)pa(dot)us) wrote:
> Stephen Frost wrote:
> -- Start of PGP signed section.
> > * Andrew Dunstan (andrew(at)dunslane(dot)net) wrote:
> > > I think the behaviour on the wire should be more explcitly stated.
> >
> > Please comment on the message I just sent to -hackers which has a much
> > longer and more detailed explanation of what happens.
>
> The next paragraph in the docs is:
>
> If you are at all concerned about password
> <quote>sniffing</> attacks then <literal>md5</> is preferred, with
> <literal>crypt</> a second choice if you must support pre-7.2
> clients. Plain <literal>password</> should especially be avoided for
> connections over the open Internet (unless you use <acronym>SSL</acronym>, SSH, or
> other communications security wrappers around the connection).

Huh, I thought I had looked and hadn't seen anything after the paragraph
you modified in the online stuff. Apparently I was being deliusional.
Even so though, I think my description was somewhat more verbose and
useful. A merge of the two may be in order actually, it's true that
sniffing attacks may be thwarted by the md5 method but this does not
mention that the hash in pg_shadow becomes password-equivilant in that
method and it really should.

Thanks,

Stephen