From: | Heikki Linnakangas <hlinnakangas(at)vmware(dot)com> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: reducing our reliance on MD5 |
Date: | 2015-02-11 13:02:03 |
Message-ID: | 54DB52CB.4070704@vmware.com |
Lists: | pgsql-hackers |
On 02/11/2015 02:49 PM, Robert Haas wrote:
> So, this all sounds fairly nice if somebody's willing to do the work,
> but I can't help noticing that you originally proposed adopting SCRAM
> in 2012, and it's 2015 now. So I wonder if anyone's really going to
> do all this work, and if not, whether we should go for something
> simpler. Just plugging something else in for MD5 would be a lot less
> work for us to implement and for clients to support, even if it is (as
> it unarguably is) less elegant.

"Just plugging something else in for MD5" would still be a fair amount
of work. Not that much less than the full program I proposed.

Well, I guess it's easier if you immediately stop supporting MD5, have a
"flag day" in all clients to implement the replacement, and break
pg_dump/restore of passwords in existing databases. That sounds
horrible. Let's do this properly. I can help with that, although I don't
know if I'll find the time and enthusiasm to do all of it alone.

- Heikki