On Thu, Mar 5, 2015 at 11:15:55AM -0500, Stephen Frost wrote: > * Bruce Momjian (br...@momjian.us) wrote: > > On Wed, Mar 4, 2015 at 05:56:25PM -0800, Josh Berkus wrote: > > > So, are we more worried about attackers getting a copy of pg_authid, or > > > sniffing the hash on the wire? > > > > Both. Stephen is more worried about pg_authid, but I am more worried > > about sniffing. > > I'm also worried about both, but if the admin is worried about sniffing > in their environment, they're much more likely to use TLS than to set up > client side certificates, kerberos, or some other strong auth mechanism, > simply because TLS is pretty darn easy to get working and distros set it > up for you by default.
I think your view might be skewed. I think there many people who care about password security who don't care to do TLS. Also, my suggestion to use a counter for the session salt, to reduce replay from 16k to 4 billion, has not received any comments, and it does not break the wire protocol. I feel that is an incremental improvement we should consider. I think you are minimizing the downsize of your idea using X challenges instead of 16k challenges to get in. Again, if my idea is valid, it would be X challenges vs 4 billion challenges. -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + Everyone has their own god. + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
