Stephen Frost wrote: > * Tom Lane (t...@sss.pgh.pa.us) wrote: >> Bruce Momjian <br...@momjian.us> writes: >>> Let me update my list of possible improvements: >> >>> 1) MD5 makes users feel uneasy (though our usage is mostly safe) >> >>> 2) The per-session salt sent to the client is only 32-bits, meaning >>> that it is possible to reply an observed MD5 hash in ~16k connection >>> attempts. >> >>> 3) Using the user name for the MD5 storage salt allows the MD5 stored >>> hash to be used on a different cluster if the user used the same >>> password. >> >>> 4) Using the user name for the MD5 storage salt allows the MD5 stored >>> hash to be used on the _same_ cluster. >> >>> 5) Using the user name for the MD5 storage salt causes the renaming of >>> a user to break the stored password. >> >> What happened to "possession of the contents of pg_authid is sufficient >> to log in"? I thought fixing that was one of the objectives here. > > Yes, it certainly was. I think Bruce was thinking that we could simply > hash what goes on to disk with an additional salt that's stored, but > that wouldn't actually work without requiring a change to the wireline > protocol, which is the basis of this entire line of discussion, in my > view.
This article https://hashcat.net/misc/postgres-pth/postgres-pth.pdf has some ideas about how to improve the situation. Yours, Laurenz Albe -- Sent via pgsql-hackers mailing list (firstname.lastname@example.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers