On 3/1/22 8:31 AM, Stephen Frost wrote:
Greetings,* Michael Paquier (mich...@paquier.xyz) wrote:On Mon, Feb 28, 2022 at 04:42:55PM -0500, Stephen Frost wrote:Keeping it around will just push out the point at which everyone will finally be done with it, as there's really only two groups: those who have already moved to scram, and those who won't move until they want to upgrade to a release that doesn't have md5.FWIW, I am not sure if we are at this point yet. An extra reason to remove it would be that it is a support burden, but I don't have seen in recent memory any problems related to it that required any deep changes in the way to use it, and its code paths are independent.Ongoing reports that there's a known vulnerability aren't great to have to deal with. We can at least point people to scram but that's not great.The last time I played with this area is the recent error handling improvement with cryptohashes but MD5 has actually helped here in detecting the problem as a patched OpenSSL would complain if trying to use MD5 as hash function when FIPS is enabled.Having to continue to deal with md5 as an algorithm when it's known to be notably less secure and so much so that organizations essentially ban its use for exactly what we're using it for, in fact, another reason to remove it, not a reason to keep it. Better code coverage testing of error paths is the answer to making sure that our error handling behaves properly.
So, I generally agree with Stephen and his arguments for dropping the md5 mechanism.
If you're moving to a newer version of PostgreSQL, you likely have to update your connection drivers anyway (rebuilt against new libpq, supporting any changes in the protocol, etc). I would prefer more data to support that argument, but this is generally what you need to do.
However, we may need to step towards it. We took one step last release with defaulting to SCRAM. Perhaps this release we add a warning for anything using md5 auth that "this will be removed in a future release." (or specifically v16). We should also indicate in the docs that md5 is deprecated and will be removed.
We also need to think about upgrading: what happens if I try to upgrade and I still have user passwords stored in a md5 hash? What if all my password-based users have a md5 hash, does pg_upgrade fail?
As much as I want md5 gone, I think v16 is the earliest we can do it, but we can lay the groundwork for it now.
Thanks, Jonathan
OpenPGP_signature
Description: OpenPGP digital signature