* Bruce Momjian (br...@momjian.us) wrote:
> One way to fix #2 would be to use a per-user or per-cluster counter for
> the session salt, rather than a random number --- that would change
> replays from ~16k to 4 billion, with no wire protocol change needed.

I'm not against doing that if we decide to ignore the pg_authid-based
vector (which we could certainly do), but given the relatively poor
hashing algorithm we use and the small salt, along with the commonly
used practice of using TLS to address network-based attacks, I'm not
sure it's really worth it.

Note that changing the algorithm or the salt would require a wireline
protocol change and therefore isn't interesting to consider as, if we're
going to do that, we should be moving to a vetted solution instead.



Attachment: signature.asc
Description: Digital signature

Reply via email to