Re: A stab at implementing better password hashing, with mixed results

From: Alastair Turner <bell(at)ctrlf5(dot)co(dot)za>
To: PostgreSQL hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: A stab at implementing better password hashing, with mixed results
Date: 2012-12-28 18:25:53
Message-ID: CAFgq2fUdwMrHFWHkRBHGQk+G00z86fTO8rP+5M16tuEUdP1Ykw@mail.gmail.com
Lists: pgsql-hackers

On Thu, Dec 27, 2012 at 5:39 PM, Peter Bex <Peter(dot)Bex(at)xs4all(dot)nl> wrote:
> On Thu, Dec 27, 2012 at 12:31:08PM -0300, Claudio Freire wrote:
>> On Thu, Dec 27, 2012 at 11:46 AM, Peter Bex <Peter(dot)Bex(at)xs4all(dot)nl> wrote:
>> >
>> > Implementing a more secure challenge-response based algorithm means
>> > a change in the client-server protocol. Perhaps something like SCRAM
>> > (maybe through SASL) really is the way forward for this, but that
>> > seems like quite a project and it seems to dictate how the passwords are
>> > stored; it requires a hash of the PBKDF2 algorithm to be stored.
>>
>> It would be nonsense to do it in any other way... protecting the
>> password store and not the exchange would just shift the weak spot.
>
> Yeah, that's why I was being rather pessimistic about the patch I posted.
> However, SCRAM will only protect the password; SSL is still required
> to protect against connection hijacking.
>
The thread that ended with
http://archives.postgresql.org/message-id/5086CB7A.5040406@gmx.net
also tended towards SASL and SCRAM as the best direction for
developing password and GSSAPI/Kerberos authentication.
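To make concrete why SCRAM "dictates how the passwords are stored", here is a reduced SCRAM-style derivation and proof check in Python. This is an added illustration, not code from this thread or from PostgreSQL; the AuthMessage format, salt and iteration count are simplified placeholders, and the real protocol also includes a server signature and channel-binding details omitted here.

```python
import hashlib
import hmac

HASH = "sha256"

def _salted_password(password: bytes, salt: bytes, iterations: int) -> bytes:
    # SaltedPassword = PBKDF2-HMAC(password, salt, iterations). This is the
    # "hash of the PBKDF2 algorithm" the thread refers to; the server keeps
    # only values derived from it, never the password itself.
    return hashlib.pbkdf2_hmac(HASH, password, salt, iterations)

def _client_key(salted: bytes) -> bytes:
    return hmac.new(salted, b"Client Key", HASH).digest()

def make_verifier(password: bytes, salt: bytes, iterations: int) -> dict:
    # Per-user record on the server: StoredKey = H(ClientKey) plus ServerKey.
    salted = _salted_password(password, salt, iterations)
    return {
        "salt": salt,
        "iterations": iterations,
        "stored_key": hashlib.sha256(_client_key(salted)).digest(),
        "server_key": hmac.new(salted, b"Server Key", HASH).digest(),
    }

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def auth_message(client_nonce: bytes, server_nonce: bytes,
                 salt: bytes, iterations: int) -> bytes:
    # Simplified stand-in for SCRAM's AuthMessage (constructed format): both
    # nonces plus the salt and iteration count, binding a proof to one exchange.
    return b"|".join([client_nonce, server_nonce, salt, str(iterations).encode()])

def client_proof(password: bytes, salt: bytes, iterations: int, auth_msg: bytes) -> bytes:
    # ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage). ClientKey itself
    # never crosses the wire, so a passive observer learns neither it nor the password.
    salted = _salted_password(password, salt, iterations)
    ckey = _client_key(salted)
    stored_key = hashlib.sha256(ckey).digest()
    return _xor(ckey, hmac.new(stored_key, auth_msg, HASH).digest())

def server_verify(verifier: dict, auth_msg: bytes, proof: bytes) -> bool:
    # The server recomputes the signature from StoredKey, unmasks ClientKey
    # from the proof and checks H(ClientKey) == StoredKey. It can only do this
    # if StoredKey is what it stored, which is why the protocol fixes the format.
    sig = hmac.new(verifier["stored_key"], auth_msg, HASH).digest()
    recovered = hashlib.sha256(_xor(proof, sig)).digest()
    return hmac.compare_digest(recovered, verifier["stored_key"])
```

A proof is bound to the nonces in the AuthMessage, so a captured proof does not verify against a later exchange; as the thread notes, that protects the password, not the connection, which still needs SSL.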
