On 11/02/15 02:30, Tom Lane wrote:

I think it would be wise to take two steps back and think about what
the threat model is here, and what we actually need to improve.
Offhand I can remember two distinct things we might wish to have more
protection against:

* scraping of passwords off the wire protocol (but is that still
a threat in an SSL world?).  Better salting practice would do more
than replacing the algorithm as such for this, IMO.


We might consider it our problem or not, but in general terms man-in-the-middle attacks, which are easy to implement in many scenarios, are a scraping problem. In particular, I have seen tons of developers turn off SSL validation during development and not turning it back on for production, leaving servers vulnerable to password scraping under mitm attacks. So I would always consider hashing anyway.

SCRAM seems to be a good solution anyway.
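To make concrete why SCRAM addresses the scraping concern raised above, here is a minimal SCRAM-SHA-256 style exchange following the RFC 5802/7677 message structure. This is an added teaching example, not code from this thread or from PostgreSQL; the iteration count, user name, nonce lengths and the `biws` channel-binding placeholder are assumed values chosen for illustration. The server stores only salt, iteration count, StoredKey and ServerKey; the password itself never crosses the wire, and a recorded client proof is tied to both session nonces, so replaying it in a later session fails.

```python
"""Minimal SCRAM-SHA-256 style exchange (RFC 5802/7677 message structure).
Added example for illustration; not PostgreSQL's implementation."""
import hashlib
import hmac
import os
import secrets
from typing import Optional, Tuple

ITERATIONS = 4096  # assumed value for the example; real deployments tune this upward


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _hmac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def enroll(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> dict:
    """What the server keeps on disk: values derived from the password, never the password."""
    salt = salt or os.urandom(16)
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = _hmac(salted, b"Client Key")
    return {
        "salt": salt,
        "iterations": iterations,
        "stored_key": _h(client_key),            # H(ClientKey): enough to verify a proof
        "server_key": _hmac(salted, b"Server Key"),  # lets the server prove itself back
    }


def client_first(user: str, nonce: Optional[str] = None) -> Tuple[str, str]:
    """client-first-message-bare: user name plus a fresh client nonce."""
    nonce = nonce or secrets.token_urlsafe(18)
    return f"n={user},r={nonce}", nonce


def server_first(record: dict, client_nonce: str) -> str:
    """server-first-message: combined nonce, salt and iteration count (all public)."""
    combined = client_nonce + secrets.token_urlsafe(18)
    return f"r={combined},s={record['salt'].hex()},i={record['iterations']}"


def client_final(password: str, client_first_bare: str, server_first_msg: str) -> Tuple[str, bytes]:
    """Client derives ClientProof from the password and both nonces.
    Returns (client-final-message, the ServerSignature the client expects back)."""
    fields = dict(kv.split("=", 1) for kv in server_first_msg.split(","))
    salt = bytes.fromhex(fields["s"])
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(fields["i"]))
    client_key = _hmac(salted, b"Client Key")
    without_proof = f"c=biws,r={fields['r']}"  # 'biws' = base64("n,,"): no channel binding
    auth_message = f"{client_first_bare},{server_first_msg},{without_proof}".encode()
    proof = _xor(client_key, _hmac(_h(client_key), auth_message))
    server_sig = _hmac(_hmac(salted, b"Server Key"), auth_message)
    return f"{without_proof},p={proof.hex()}", server_sig


def server_verify(record: dict, client_first_bare: str, server_first_msg: str,
                  client_final_msg: str) -> Optional[bytes]:
    """Server recovers ClientKey from the proof and checks H(ClientKey) == StoredKey.
    Returns ServerSignature on success, None on failure."""
    without_proof, proof_hex = client_final_msg.rsplit(",p=", 1)
    auth_message = f"{client_first_bare},{server_first_msg},{without_proof}".encode()
    client_sig = _hmac(record["stored_key"], auth_message)
    client_key = _xor(bytes.fromhex(proof_hex), client_sig)
    if not hmac.compare_digest(_h(client_key), record["stored_key"]):
        return None
    return _hmac(record["server_key"], auth_message)


def run_exchange(password_on_client: str, record: dict, user: str = "alice") -> bool:
    """Full four-message exchange; True only if both sides authenticate each other."""
    bare, cnonce = client_first(user)
    sfirst = server_first(record, cnonce)
    cfinal, expected_sig = client_final(password_on_client, bare, sfirst)
    sig = server_verify(record, bare, sfirst, cfinal)
    return sig is not None and hmac.compare_digest(sig, expected_sig)


def replay_captured_proof(password: str, record: dict, user: str = "alice") -> bool:
    """Models the wire-scraping concern: a client-final message recorded from one
    session is presented again in a later session. The server's fresh nonce changes
    AuthMessage, so the recorded proof no longer verifies. Returns True only if the
    replay were accepted (it is not)."""
    bare, cnonce = client_first(user)
    sfirst = server_first(record, cnonce)
    captured, _ = client_final(password, bare, sfirst)   # legitimately produced, then observed
    bare2, _ = client_first(user, nonce=cnonce)           # same client nonce reused
    sfirst2 = server_first(record, cnonce)                # server chooses a new nonce
    return server_verify(record, bare2, sfirst2, captured) is not None


if __name__ == "__main__":
    rec = enroll("correct horse")  # constructed sample password
    print("genuine login:", run_exchange("correct horse", rec))
    print("wrong password:", run_exchange("wrong", rec))
    print("replayed proof accepted:", replay_captured_proof("correct horse", rec))
```

The point relevant to the thread is the shape of what an observer sees: user name, nonces, salt, iteration count and a proof bound to this session's AuthMessage. None of that is a reusable credential, and nothing the server stores lets it impersonate the client to another server that used a different salt.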



Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)