Re: SCRAM with channel binding downgrade attack

From: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>
To: Magnus Hagander <magnus(at)hagander(dot)net>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
Cc: Bruce Momjian <bruce(at)momjian(dot)us>, Michael Paquier <michael(at)paquier(dot)xyz>, Robert Haas <robertmhaas(at)gmail(dot)com>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Postgres hackers <pgsql-hackers(at)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net>
Subject: Re: SCRAM with channel binding downgrade attack
Date: 2018-06-28 08:04:05
Message-ID: 23820cef-365b-672a-8cbf-7eb0ce2eca38@2ndquadrant.com
Lists: pgsql-hackers pgsql-www

On 6/28/18 09:35, Magnus Hagander wrote:
> No, we absolutely still have SCRAM channel binding.
>
> *libpq* has no way to *enforce* it, meaning it always acts like our
> default SSL config which is "use it if available but if it's not then
> silently accept the downgrade". From a security perspective, it's just
> as bad as our default ssl config, but unlike ssl you can't configure a
> requirement in 11.

Isn't this similar to what happened whenever we added a new or better
password method? A MITM that didn't want to bother cracking MD5 could
just alter the stream and request "password" authentication. Same with
MD5->SCRAM, SCRAM->SCRAM+CB, and even a hypothetical future change in
the SCRAM hashing method. Clearly, we need a more comprehensive
solution for this.

--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
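
The client-side enforcement gap discussed in this message, as an added example that is not part of the original email and is not libpq code: a check that refuses a server authentication request weaker than a locally configured minimum. The `auth_level` type and both function names are hypothetical, and the check assumes the client always selects the strongest SASL mechanism offered.

```c
#include <stdio.h>
#include <string.h>

/* Authentication request codes from the PostgreSQL wire protocol. */
enum { AUTH_REQ_OK = 0, AUTH_REQ_PASSWORD = 3, AUTH_REQ_MD5 = 5, AUTH_REQ_SASL = 10 };

/* Hypothetical client policy levels, weakest to strongest (not libpq's). */
typedef enum { AUTH_PLAIN, AUTH_MD5, AUTH_SCRAM, AUTH_SCRAM_CB } auth_level;

/* Strongest level in an AuthenticationSASL mechanism list (NUL-terminated
 * names, ended by an empty name); -1 if none is known or it is malformed. */
static int best_sasl_level(const char *mechs, size_t len)
{
    int best = -1;
    size_t i = 0;
    while (i < len && mechs[i] != '\0') {
        const char *name = mechs + i;
        const char *end = memchr(name, '\0', len - i);
        if (end == NULL)
            return -1;                  /* unterminated name */
        if (strcmp(name, "SCRAM-SHA-256-PLUS") == 0)
            best = AUTH_SCRAM_CB;
        else if (strcmp(name, "SCRAM-SHA-256") == 0 && best < AUTH_SCRAM)
            best = AUTH_SCRAM;
        i = (size_t)(end - mechs) + 1;
    }
    return best;
}

/* 1 if the requested method meets the client's minimum, 0 if it is a downgrade. */
int auth_request_allowed(int req, const char *mechs, size_t len, auth_level required)
{
    int offered;
    switch (req) {
    case AUTH_REQ_PASSWORD: offered = AUTH_PLAIN; break;
    case AUTH_REQ_MD5:      offered = AUTH_MD5;   break;
    case AUTH_REQ_SASL:     offered = best_sasl_level(mechs, len); break;
    default:                offered = -1; break;  /* e.g. AUTH_REQ_OK with no exchange */
    }
    return offered >= (int) required;
}

int main(void)
{
    /* Constructed sample: a mechanism list with the -PLUS entry stripped. */
    static const char stripped[] = "SCRAM-SHA-256\0";
    printf("%d\n", auth_request_allowed(AUTH_REQ_SASL, stripped, sizeof stripped, AUTH_SCRAM_CB));
    return 0;
}
```

Without a configured minimum, every one of the requests rejected here would be silently accepted, which is the behaviour the message describes.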
