From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Mark Mielke <mark(at)mark(dot)mielke(dot)cc>, Dave Page <dpage(at)pgadmin(dot)org>, Kevin Grittner <Kevin(dot)Grittner(at)wicourts(dot)gov>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Marko Kreen <markokr(at)gmail(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Greg Stark <gsstark(at)mit(dot)edu>, Bruce Momjian <bruce(at)momjian(dot)us>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>, mlortiz <mlortiz(at)uci(dot)cu>, Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
Subject: | Re: Rejecting weak passwords |
Date: | 2009-10-15 17:43:51 |
Message-ID: | 10779.1255628631@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> If we were using some kind of real public key system and someone
> suggested breaking it to add password complexity checking, I would
> understand the outrage here. But I don't understand why everyone is
> so worked up about having an *optional* *flag* to force plaintext
> instead of MD5. I might be wrong here, but can't a determined
> attacker brute-force an MD5 anyway? The very fact that people are
> suggesting that password checking might be feasible even on a
> pre-MD5'd password by using a dictionary suggests that we're not
> getting a whole lot of real security here. And even if not, dude,
> it's an *optional* *flag*.
Yes, and it's an optional flag that could perfectly well be implemented
in the plugin that I think we do have consensus to add a hook for.
The argument is over why do we need to litter the core system with it.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Dave Page | 2009-10-15 17:44:40 | Re: Rejecting weak passwords |
Previous Message | Josh Berkus | 2009-10-15 17:22:52 | Re: Could regexp_matches be immutable? |