Re: PG 10 release notes

On Wed, Apr 26, 2017 at 09:02:51AM +0900, Michael Paquier wrote:
> On Wed, Apr 26, 2017 at 12:20 AM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> > On Tue, Apr 25, 2017 at 02:39:40PM +0900, Michael Paquier wrote:
> >> <para>
> >> Add <link linkend="auth-pg-hba-conf"><literal>SCRAM-SHA-256</></>
> >> support for password negotiation and storage (Michael
> >> Paquier, Heikki Linnakangas)
> >> </para>
> >> <para>
> >> This proves better security than the existing 'md5' negotiation and
> >> storage method.
> >> </para>
> >> This is quite vague...
> >
> > Can you give me better text? I can't think of any.
>
> Sure, here is an idea:
> Add support for SASL authentication using protocol mechanism
> SCRAM-SHA-256 per RFC 5802 and 7677. (adding a reference to the RFCs
> with a link seems important to me).
>
> SCRAM-SHA-256 improves deficiencies of MD5 password hashing by
> preventing any kind of pass-the-hash vulnerabilities, where a user
> would be able to connect to a PostgreSQL instance by just knowing the
> hash of a password and not the password itself.

First, I don't think RFC references belong in the release notes, let
alone RFC links.

Second, there seems to be some confusion over what SCRAM-SHA-256 gives
us over MD5. I think there are a few benefits:

o packets cannot be replayed as easily, i.e. md5 replayed random salt
packets with a 50% probability after 16k sessions

o hard to re-use SCRAM-SHA-256 string if disclosed vs. simple for md5

o harder to brute-force trying all possible strings to find a matching
hash

So if you tell users that SCRAM-SHA-256 is better than MD5 only because
of one of those, they will not realize that three benefits of changing
to SCRAM-SHA-256. I might have even missed some benefits.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +