Re: SCRAM in the PG 10 release notes

From: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
To: Noah Misch <noah(at)leadboat(dot)com>
Cc: Bruce Momjian <bruce(at)momjian(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Andreas Karlsson <andreas(at)proxel(dot)se>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: SCRAM in the PG 10 release notes
Date: 2017-09-14 06:57:36
Message-ID: adbec83d-68c6-2f0b-f7f1-6e41f257b91b@iki.fi
Lists: pgsql-hackers

On 09/12/2017 04:09 AM, Noah Misch wrote:
> On Wed, May 10, 2017 at 10:50:51PM -0400, Bruce Momjian wrote:
>> On Mon, May 1, 2017 at 08:12:51AM -0400, Robert Haas wrote:
>>> On Tue, Apr 25, 2017 at 10:16 PM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
>>>> Well, we could add "MD5 users are encouraged to switch to
>>>> SCRAM-SHA-256". Now whether we want to list this as something on the
>>>> SCRAM-SHA-256 description, or mention it as an incompatibility, or
>>>> under Migration. I am not clear that MD5 is in such terrible shape that
>>>> this is warranted.
>>>
>>> I think it's warranted. The continuing use of MD5 has been a headache
>>> for some EnterpriseDB customers who have compliance requirements which
>>> they must meet. It's not that they themselves necessarily know or
>>> care whether MD5 is secure, although in some cases they do; it's that
>>> if they use it, they will be breaking laws or regulations to which
>>> their business or agency is subject. I imagine customers of other
>>> PostgreSQL companies have similar issues. But leaving that aside, the
>>> advantage of SCRAM isn't merely that it uses a better algorithm to
>>> hash the password. It has other advantages also, like not being
>>> vulnerable to replay attacks. If you're doing password
>>> authentication, you should really be using SCRAM, and encouraging
>>> people to move to SCRAM after upgrading is a good idea.
>>>
>>> That having been said, SCRAM is a wire protocol break. You will not
>>> be able to upgrade to SCRAM unless and until the drivers you use to
>>> connect to the database add support for it. The only such driver
>>> that's part of libpq; other drivers that have reimplemented the
>>> PostgreSQL wire protocol will have to be updated with SCRAM support
>>> before it will be possible to use SCRAM with those drivers. I think
>>> this should be mentioned in the release notes, too. I also think it
>>> would be great if somebody would put together a wiki page listing all
>>> the popular drivers and (1) whether they use libpq or reimplement the
>>> wire protocol, and (2) if the latter, the status of any efforts to
>>> implement SCRAM, and (3) if those efforts have been completed, the
>>> version from which they support SCRAM. Then, I think we should reach
>>> out to all of the maintainers of those driver authors who aren't
>>> moving to support SCRAM and encourage them to do so.
>>
>> I have added this as an open item because we will have to wait to see
>> where we are with driver support as the release gets closer.
>
> With the release near, I'm promoting this to the regular open issues section.

Thanks.

I updated the list of drivers on the wiki
(https://wiki.postgresql.org/wiki/List_of_drivers), adding a column for
whether the driver supports SCRAM authentication. Currently, the only
non-libpq driver that has implemented SCRAM is the JDBC driver. I
submitted a patch for the Go driver, but it hasn't been committed yet.

As for a recommendation in the release notes, maybe something like
"Installations using MD5 authentication are encouraged to switch to
SCRAM-SHA-256, unless using older client programs or drivers that don't
support it yet."

- Heikki
