Re: MD5 authentication needs help -SCRAM

From: Abhijit Menon-Sen <ams(at)2ndQuadrant(dot)com>
To: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
Cc: Josh Berkus <josh(at)agliodbs(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Bruce Momjian <bruce(at)momjian(dot)us>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, pgsql-hackers(at)postgreSQL(dot)org
Subject: Re: MD5 authentication needs help -SCRAM
Date: 2015-03-18 09:53:00
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

As a followup, I spoke to an IETF friend who's used and implemented both
SRP and SCRAM. He agrees that SRP is cryptographically solid, that it's
significantly more difficult to implement (and therefore has a bit of a
monoculture risk overall, though of course that wouldn't apply to us if
we were to write the code from scratch).

Apparently the patent status is still not entirely clear. Two of the
patents expired, but there are others that may be relevant. Stanford
claims a patent, but apparently grant a free license if you do meet
certain conditions. But he doesn't know of anyone having to go to
court over the use of SRP.

-- Abhijit

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Dean Rasheed 2015-03-18 09:59:33 Re: INSERT ... ON CONFLICT IGNORE (and UPDATE) 3.0
Previous Message Kyotaro HORIGUCHI 2015-03-18 08:30:32 Re: Performance improvement for joins where outer side is unique