On 11/02/15 02:30, Tom Lane wrote:
[...]
I think it would be wise to take two steps back and think about what
the threat model is here, and what we actually need to improve.
Offhand I can remember two distinct things we might wish to have more
protection against:
* scraping of passwords off the wire protocol (but is that still
a threat in an SSL world?). Better salting practice would do more
than replacing the algorithm as such for this, IMO.
mitm
We might consider it our problem or not, but in general terms
man-in-the-middle attacks, which are easy to implement in many
scenarios, are a scraping problem. In particular, I have seen tons of
developers turn off SSL validation during development and not turning
back it on for production, leaving servers vulnerable to password
scraping under mitm attacks. So I would always considering hashing anyway.
SCRAM seems to be a good solution anyway.
Regards,
Álvaro
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers