Re: Successor of MD5 authentication, let's use SCRAM

On 10/22/12 1:25 PM, Stephen Frost wrote:
> * Peter Eisentraut (peter_e(at)gmx(dot)net) wrote:
>> On 10/12/12 3:44 PM, Stephen Frost wrote:
>>> In general, I think it's good to build on existing implementations where
>>> possible. Perhaps we could even consider using something which already
>>> exists for this?
>>
>> Sounds like SASL to me.
>
> aiui, that would allow us to support SCRAM and we could support
> Kerberos/GSSAPI under SASL as well... Not sure how comfortable folks
> would be with moving to that though.

Considering all the design and implementation challenges that have been
brought up in this thread:

- not using MD5

- not using whatever we replace MD5 with when that gets broken

- content of pg_shadow can be used to log in

- questions about salt collisions

- making the hash more expensive

- negotiating how much more expensive, allowing changes in the future

- using HMAC to guard against length-extension attacks

- support for poolers/proxies

I think I would be less comfortable with a hand-crafted solution to each
of these issues, and would be more comfortable with using an existing
solution that, from the look of it, already does all of that, and which
is used by mail and LDAP servers everywhere.

That said, I don't have any experience programming SASL clients or
servers, only managing existing implementations. But I'd say it's
definitely worth a look.