Catching up here ... On 03/03/2015 06:01 PM, Bruce Momjian wrote: > It feels like MD5 has accumulated enough problems that we need to start > looking for another way to store and pass passwords. The MD5 problems > are: > > 1) MD5 makes users feel uneasy (though our usage is mostly safe) > > 2) The per-session salt sent to the client is only 32-bits, meaning > that it is possible to reply an observed MD5 hash in ~16k connection > attempts.
Seems like we could pretty easily increase the size of the salt. Of course, that just increases the required number of connection attempts, without really fixing the problem. > 3) Using the user name for the MD5 storage salt allows the MD5 stored > hash to be used on a different cluster if the user used the same > password. This is a feature as well as a bug. For example, pgBouncer relies on this aspect of md5 auth. > 4) Using the user name for the MD5 storage salt causes the renaming of > a user to break the stored password. Wierdly, in 17 years of Postgres, I've never encountered this issue. So, are we more worried about attackers getting a copy of pg_authid, or sniffing the hash on the wire? -- Josh Berkus PostgreSQL Experts Inc. http://pgexperts.com -- Sent via pgsql-hackers mailing list (email@example.com) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers