On Wed, Mar 4, 2015 at 05:56:25PM -0800, Josh Berkus wrote: > Catching up here ... > > On 03/03/2015 06:01 PM, Bruce Momjian wrote: > > It feels like MD5 has accumulated enough problems that we need to start > > looking for another way to store and pass passwords. The MD5 problems > > are: > > > > 1) MD5 makes users feel uneasy (though our usage is mostly safe) > > > > 2) The per-session salt sent to the client is only 32-bits, meaning > > that it is possible to reply an observed MD5 hash in ~16k connection > > attempts. > > Seems like we could pretty easily increase the size of the salt. Of > course, that just increases the required number of connection attempts, > without really fixing the problem. > > > 3) Using the user name for the MD5 storage salt allows the MD5 stored > > hash to be used on a different cluster if the user used the same > > password. > > This is a feature as well as a bug. For example, pgBouncer relies on > this aspect of md5 auth. > > > 4) Using the user name for the MD5 storage salt causes the renaming of > > a user to break the stored password. > > Wierdly, in 17 years of Postgres, I've never encountered this issue. > > So, are we more worried about attackers getting a copy of pg_authid, or > sniffing the hash on the wire?
Both. Stephen is more worried about pg_authid, but I am more worried about sniffing. -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + Everyone has their own god. + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers