On Wed, Mar 4, 2015 at 03:59:02PM -0500, Stephen Frost wrote: > * Tom Lane (t...@sss.pgh.pa.us) wrote: > > Bruce Momjian <br...@momjian.us> writes: > > > Let me update my list of possible improvements: > > > > > 1) MD5 makes users feel uneasy (though our usage is mostly safe) > > > > > 2) The per-session salt sent to the client is only 32-bits, meaning > > > that it is possible to reply an observed MD5 hash in ~16k connection > > > attempts. > > > > > 3) Using the user name for the MD5 storage salt allows the MD5 stored > > > hash to be used on a different cluster if the user used the same > > > password. > > > > > 4) Using the user name for the MD5 storage salt allows the MD5 stored > > > hash to be used on the _same_ cluster. > > > > > 5) Using the user name for the MD5 storage salt causes the renaming of > > > a user to break the stored password. > > > > What happened to "possession of the contents of pg_authid is sufficient > > to log in"? I thought fixing that was one of the objectives here. > > Yes, it certainly was. I think Bruce was thinking that we could simply > hash what goes on to disk with an additional salt that's stored, but > that wouldn't actually work without requiring a change to the wireline > protocol, which is the basis of this entire line of discussion, in my > view.
I was not really focused on needing or not needing wire protocol changes, but rather trying to understand the attack vectors and how they could be fixed, in general. -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + Everyone has their own god. + -- Sent via pgsql-hackers mailing list (firstname.lastname@example.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers