On 2/10/15 6:32 PM, Peter Geoghegan wrote:
> On Tue, Feb 10, 2015 at 4:21 PM, Robert Haas <robertmh...@gmail.com> wrote:
>> Although the patch was described as relatively easy to write, it never
>> went anywhere, because it *replaced* MD5 authentication with bcrypt,
>> which would be a big problem for existing clients.  It seems clear
>> that we should add something new and not immediately kill off what
>> we've already got, so that people can transition smoothly.  An idea I
>> just had today is to keep using basically the same system that we are
>> currently using for MD5, but with a stronger hash algorithm, like
>> SHA-1 or SHA-2 (which includes SHA-224, SHA-256, SHA-384, and
>> SHA-512).  Those are slower, but my guess is that even SHA-512 is not
>> enough slower for anybody to care very much, and if they do, well
>> that's another reason to make use of the new stuff optional.
>
> I believe that a big advantage of bcrypt for authentication is the
> relatively high memory requirements. This frustrates GPU based
> attacks.

This is especially critical if things like bitcoin ASIC rigs could be put to use generating generic SHA256 hashes. A few grand will buy you hardware that can generate trillions of hash values per second. AFAIK there's no specialized hardware for scrypt though (even though it's used for other cryptocurrencies), in part because it's not cost effective to put enough memory in place.
--
Jim Nasby, Data Architect, Blue Treble Consulting
Data in Trouble? Get it in Treble! http://BlueTreble.com
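
Added example, not part of the original thread or of PostgreSQL: a small measurement of the trade-off discussed above, comparing the per-evaluation cost and working memory of a single salted SHA-256 with scrypt. The scrypt parameters, the function names and the `salt + password` construction are assumptions chosen for illustration; they are not the PostgreSQL wire protocol.

```python
import hashlib
import os
import time

# Assumed scrypt parameters (illustrative, not taken from the thread).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def scrypt_memory_bytes(n=SCRYPT_N, r=SCRYPT_R):
    """Approximate working memory of one scrypt evaluation: 128 * N * r bytes."""
    return 128 * n * r


def sha256_verifier(password: bytes, salt: bytes) -> bytes:
    """One salted SHA-256: a simplified stand-in for a fast-hash verifier."""
    return hashlib.sha256(salt + password).digest()


def scrypt_verifier(password: bytes, salt: bytes) -> bytes:
    """Memory-hard verifier; every evaluation must touch ~16 MiB of RAM."""
    return hashlib.scrypt(password, salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                          p=SCRYPT_P, maxmem=64 * 1024 * 1024, dklen=32)


def seconds_per_call(fn, rounds):
    """Average wall-clock seconds for one evaluation of fn."""
    password, salt = b"constructed-sample-password", os.urandom(16)
    start = time.perf_counter()
    for _ in range(rounds):
        fn(password, salt)
    return (time.perf_counter() - start) / rounds


def compare():
    """Return the measured cost of each verifier and the ratio between them."""
    sha = seconds_per_call(sha256_verifier, 20000)
    scr = seconds_per_call(scrypt_verifier, 5)
    return {
        "sha256_seconds": sha,
        "scrypt_seconds": scr,
        "cost_ratio": scr / sha,
        "scrypt_mem_mib": scrypt_memory_bytes() / 2**20,
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value:.6g}")
```

The ratio is measured on a general-purpose CPU; the memory figure is the part that does not shrink when the hash is moved to specialized hardware.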

