Re: Defaulting to password_encryption = scram-sha-256

From: Andres Freund <andres(at)anarazel(dot)de>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Michael Paquier <michael(at)paquier(dot)xyz>, pgsql-hackers(at)postgresql(dot)org, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
Subject: Re: Defaulting to password_encryption = scram-sha-256
Date: 2018-10-07 18:17:06
Message-ID: 20181007181706.ny65ozl3trc74uev@alap3.anarazel.de
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Hi,

On 2018-10-07 11:37:20 -0400, Tom Lane wrote:
> Michael Paquier <michael(at)paquier(dot)xyz> writes:
> > On Sat, Oct 06, 2018 at 11:43:06PM -0700, Andres Freund wrote:
> >> Now that we probably have shaken the worst issues out of scram,
> >> shouldn't we change the default password_encryption to something that
> >> doesn't scare people? The only reason I could think of not wanting to
> >> do that for is that we don't necessarily guarantee that we have a strong
> >> random generator, but if that's the issue, we should change initdb to
> >> default it to something safe if the platform provides something. Which
> >> is just about any sane one, no?
>
> > In short, +1.
>
> > The random function issue would apply to any platform in need of
> > --disable-strong-random, but this applies mainly to some old HP-UX stuff
> > if my memory serves me well, so I'd like to think that we should be safe
> > to just switch the default and not complicate initdb.
>
> Yeah, I don't see why that should affect anything. SCRAM with a poor
> random function is probably still better than MD5.

Cool.

> As I recall, the reason for not defaulting to SCRAM right away had
> nothing to do with that; it was worry about how many clients would
> get locked out for lack of SCRAM support.

Right, but two releases should be enough of a warning window.

> But the list at https://wiki.postgresql.org/wiki/List_of_drivers looks
> pretty positive, and another year would probably be enough to give the
> stragglers time to catch up ... especially if they know this is
> coming.

I've updated the list, and I think it looks a bit better now. Go/pq and
Node/node-postgres seem to be the only somewhat important ones without
support. The former has had open PRs for it for quite a while.

Greetings,

Andres Freund

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2018-10-07 18:55:07 Re: executor relation handling
Previous Message Pavel Stehule 2018-10-07 17:13:44 Re: [HACKERS] proposal: schema variables