Re: pg_authid.rolpassword format (was Re: Password identifiers, protocol aging and SCRAM protocol)

From: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
To: Bruce Momjian <bruce(at)momjian(dot)us>,Magnus Hagander <magnus(at)hagander(dot)net>
Cc: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>,Robert Haas <robertmhaas(at)gmail(dot)com>,Andres Freund <andres(at)anarazel(dot)de>,Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>,David Steele <david(at)pgmasters(dot)net>,Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>,David Fetter <david(at)fetter(dot)org>,Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>,Julian Markwort <julian(dot)markwort(at)uni-muenster(dot)de>,Stephen Frost <sfrost(at)snowman(dot)net>,PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>,Valery Popov <v(dot)popov(at)postgrespro(dot)ru>
Subject: Re: pg_authid.rolpassword format (was Re: Password identifiers, protocol aging and SCRAM protocol)
Date: 2016-12-14 19:34:55
Message-ID: 1D2394E9-B6F3-4EBB-B1CE-F84FCE49AEAE@iki.fi
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On 14 December 2016 20:12:05 EET, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
>On Wed, Dec 14, 2016 at 11:27:15AM +0100, Magnus Hagander wrote:
>> I would so like to just drop support for plain passwords completely
>:) But
>> there's a backwards compatibility issue to think about of course.
>>
>> But -- is there any actual usecase for them anymore?
>
>I thought we recommended 'password' for SSL connections because if you
>use MD5 passwords the password text layout is known and that simplifies
>cryptanalysis.

No, that makes no sense. And whether you use 'password' or 'md5' authentication is a different question than whether you store passwords in plaintext or as md5 hashes. Magnus was asking whether it ever makes sense to *store* passwords in plaintext.

Since you brought it up, there is a legitimate argument to be made that 'password' authentication is more secure than 'md5', when SSL is used. Namely, if an attacker can acquire contents of pg_authid e.g. by stealing a backup tape, with 'md5' authentication he can log in as any user, using just the stolen hashes. But with 'password', he needs to reverse the hash first. It's not a great difference, but it's something.

- Heikki

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Stephen Frost 2016-12-14 19:41:41 Re: pg_authid.rolpassword format (was Re: Password identifiers, protocol aging and SCRAM protocol)
Previous Message Peter Eisentraut 2016-12-14 19:30:14 Re: background sessions