Re: Successor of MD5 authentication, let's use SCRAM

On Wed, Oct 10, 2012 at 3:36 PM, Simon Riggs <simon(at)2ndquadrant(dot)com> wrote:
> On 10 October 2012 11:41, Heikki Linnakangas <hlinnakangas(at)vmware(dot)com> wrote:
>> Thoughts on that?
>
> I think there has been enough discussion of md5 problems elsewhere
> that we should provide an alternative.
>
> If we can agree on that bit first, we can move onto exactly what else
> should be available.

Main weakness in current protocol is that stored value is
plaintext-equivalent - you can use it to log in.

Rest of the problems - use of md5 and how it is used - are relatively minor.
(IOW - they don't cause immediate security incident.)

Which means just slapping SHA1 in place of MD5 and calling it a day
is bad idea.

Another bad idea is to invent our own algorithm - if a security
protocol needs to fulfill more than one requirement, it tends
to get tricky.

I have looked at SRP previously, but it's heavy of complex
bignum math, which makes it problematic to reimplement
in various drivers. Also many versions of it makes me
dubious of the authors..

The SCRAM looks good from the quick glance. It uses only
basic crypto tools - hash, hmac, xor.

The "stored auth info cannot be used to log in" will cause
problems to middleware, but SCRAM defines also
concept of log-in-as-other-user, so poolers can have
their own user that they use to create connections
under another user. As it works only on connect
time, it can actually be secure, unlike user switching
with SET ROLE.

--
marko