Re: reducing our reliance on MD5

On Tue, Feb 10, 2015 at 7:32 PM, Peter Geoghegan <pg(at)heroku(dot)com> wrote:
> On Tue, Feb 10, 2015 at 4:21 PM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
>> Although the patch was described as relatively easy to write, it never
>> went anywhere, because it *replaced* MD5 authentication with bcrypt,
>> which would be a big problem for existing clients. It seems clear
>> that we should add something new and not immediately kill off what
>> we've already got, so that people can transition smoothly. An idea I
>> just had today is to keep using basically the same system that we are
>> currently using for MD5, but with a stronger hash algorithm, like
>> SHA-1 or SHA-2 (which includes SHA-224, SHA-256, SHA-384, and
>> SHA-512). Those are slower, but my guess is that even SHA-512 is not
>> enough slower for anybody to care very much, and if they do, well
>> that's another reason to make use of the new stuff optional.
>
> I believe that a big advantage of bcrypt for authentication is the
> relatively high memory requirements. This frustrates GPU based
> attacks.

I don't actually care which algorithm we use, and I dowannahafta care.
What I do want to do is provide a framework so that, when somebody
discovers that X is better than Y because Z, somebody who knows about
cryptography and not much about PostgreSQL ca add support for X in a
relatively small number of lines of code.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company