| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
| Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Magnus Hagander <magnus(at)hagander(dot)net>, Stephen Frost <sfrost(at)snowman(dot)net>, Álvaro Hernández Tortosa <aht(at)8kdata(dot)com>, Andres Freund <andres(at)anarazel(dot)de>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Some thoughts about SCRAM implementation |
| Date: | 2017-04-12 16:09:04 |
| Message-ID: | 8328.1492013344@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Heikki Linnakangas <hlinnaka(at)iki(dot)fi> writes:
> On 04/12/2017 06:26 PM, Bruce Momjian wrote:
>> How does it do that?
> Good question, crypto magic? I don't know the details, but the basic
> idea is that you extract a blob of data that uniquely identifies the TLS
> connection. Using some OpenSSL functions, in this case. I think it's a
> hash of some of the TLS handshake messages that were used when the TLS
> connection was established (that's what "tls-unique" means). That data
> is then incorporated in the hash calculations of the SCRAM
> authentication. If the client and the server are not speaking over the
> same TLS connection, they will use different values for the TLS data,
> and the SCRAM computations will not match, and you get an authentication
> failure.
... which the user can't tell apart from having fat-fingered the password,
I suppose? Doesn't sound terribly friendly. A report of a certificate
mismatch is far more likely to lead people to realize there's a MITM.
So this seems more like a hack than like a feature we need so desperately
as to push it into v10 post-freeze.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2017-04-12 16:23:37 | Re: Add pgstathashindex() to get hash index table statistics. |
| Previous Message | Tom Lane | 2017-04-12 16:03:46 | Re: Possible problem in Custom Scan API |