| From: | Abhijit Menon-Sen <ams(at)2ndQuadrant(dot)com> |
|---|---|
| To: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
| Cc: | Josh Berkus <josh(at)agliodbs(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Bruce Momjian <bruce(at)momjian(dot)us>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | Re: MD5 authentication needs help -SCRAM |
| Date: | 2015-03-18 09:53:00 |
| Message-ID: | 20150318095300.GA6841@toroid.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
As a followup, I spoke to an IETF friend who's used and implemented both
SRP and SCRAM. He agrees that SRP is cryptographically solid, that it's
significantly more difficult to implement (and therefore has a bit of a
monoculture risk overall, though of course that wouldn't apply to us if
we were to write the code from scratch).
Apparently the patent status is still not entirely clear. Two of the
patents expired, but there are others that may be relevant. Stanford
claims a patent, but apparently grant a free license if you do meet
certain conditions. But he doesn't know of anyone having to go to
court over the use of SRP.
-- Abhijit
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dean Rasheed | 2015-03-18 09:59:33 | Re: INSERT ... ON CONFLICT IGNORE (and UPDATE) 3.0 |
| Previous Message | Kyotaro HORIGUCHI | 2015-03-18 08:30:32 | Re: Performance improvement for joins where outer side is unique |