Re: Maximum password length

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Isaac Morland <isaac(dot)morland(at)gmail(dot)com>
Cc: bossartn(at)amazon(dot)com, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Maximum password length
Date: 2018-10-12 21:19:32
Message-ID: 20181012211932.GU4184@tamriel.snowman.net
Lists: pgsql-hackers

Greetings,

* Isaac Morland (isaac(dot)morland(at)gmail(dot)com) wrote:
> On Fri, 12 Oct 2018 at 16:52, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> > I'm also trying to figure out why it makes sense to support an 8k
> > password and if we've really tried seeing what happens if pg_authid gets
> > a toast table that's actually used for passwords...
>
> pg_authid.rolpassword stores a hash, so the password length does not affect
> it.

I had been thinking about storing plaintext passwords, which we
certainly used to do, but forgot that we actually did remove that,
finally, so this specific point isn't a concern any longer, though of
course the rest is.

> Of course, this also means that even in principle super-long passwords
> don't increase security, since one "can" (again, in principle) brute-force
> any password by guessing the first
> not-very-many-more-than-the-total-number-of-distinct-hashes possible
> passwords, starting with the shortest passwords and working up to longer
> passwords.

Well, as you say, length doesn't matter here, if all you're doing is
enumerating all possible responses to the server.

> It's also obvious that past a certain point, longer passwords don't help
> anyway, because it's already enough to have a password that can't be
> guessed in, say, the expected duration of the Earth's existence using all
> the computing power currently available in the world.

Not sure I really am all that keen to get into that debate. :)

> I agree there should be a specific limit that is the same in libpq, on the
> server, and in the protocol. Maybe 128 characters, to get a nice round
> number? This is still way longer than the 32-byte SHA-256 hash. Or 64,
> which is still plenty but doesn't involve extending the current character
> buffer size to a longer value while still hugely exceeding the amount of
> information in the hash.

I certainly don't think that we should break things which do work today,
which would include long plaintext passwords sent by clients.

Even if our clients don't support >100 character passwords, if the
server does, then someone might be using one.

Thanks!

Stephen
