* Heikki Linnakangas (hlinn...@iki.fi) wrote:
> On 14 December 2016 20:12:05 EET, Bruce Momjian <br...@momjian.us> wrote:
> >On Wed, Dec 14, 2016 at 11:27:15AM +0100, Magnus Hagander wrote:
> >> I would so like to just drop support for plain passwords completely :) But
> >> there's a backwards compatibility issue to think about of course.
> >>
> >> But -- is there any actual use case for them anymore?
> >
> >I thought we recommended 'password' for SSL connections because if you
> >use MD5 passwords the password text layout is known and that simplifies
> >cryptanalysis.
>
> No, that makes no sense. And whether you use 'password' or 'md5'
> authentication is a different question than whether you store passwords in
> plaintext or as md5 hashes. Magnus was asking whether it ever makes sense to
> *store* passwords in plaintext.

Right.

> Since you brought it up, there is a legitimate argument to be made that
> 'password' authentication is more secure than 'md5', when SSL is used.
> Namely, if an attacker can acquire contents of pg_authid e.g. by stealing a
> backup tape, with 'md5' authentication he can log in as any user, using just
> the stolen hashes. But with 'password', he needs to reverse the hash first.
> It's not a great difference, but it's something.

Tunnelled passwords which are stored as hashes are also well understood and
comparable to SSH with passwords in /etc/passwd.

Storing plaintext passwords has been bad form for just about forever and I
wouldn't be sad to see our support of it go.

At the least, as was discussed somewhere, but I'm not sure where it ended up,
we should give administrators the ability to control what ways a password can
be stored. In particular, once a user has migrated all of their users to
SCRAM, they should be able to say "don't let new passwords be in any format
other than SCRAM-SHA-256".

Thanks!

Stephen
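The pass-the-hash property Heikki describes above (a stolen pg_authid row is enough to answer an 'md5' challenge, but not enough to pass 'password' authentication) can be shown with a few lines of Python. This is an added illustration, not code from the thread or from PostgreSQL itself; it reimplements the documented md5 scheme (stored value is "md5" + hex(md5(password || username)); the 'md5' auth response is "md5" + hex(md5(stored_body || 4-byte salt))) in plain Python. The username, password and salt are constructed for the example.

```python
import hashlib

# Constructed credentials for the demonstration (assumption, not from the thread).
USERNAME = "alice"
PASSWORD = "correct horse battery staple"


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def stored_md5_verifier(password: str, username: str) -> str:
    """The value pg_authid.rolpassword holds for an md5-encrypted password:
    'md5' followed by hex(md5(password || username)). The username is the salt."""
    return "md5" + md5_hex(password.encode() + username.encode())


def md5_auth_response(verifier: str, salt: bytes) -> str:
    """Client side of the 'md5' authentication method. The 32 hex characters of the
    verifier (the 'md5' prefix is stripped) are hashed with the 4-byte salt the
    server sent. The plaintext password is never needed at this step; whoever holds
    the stored verifier can compute the response."""
    body = verifier[len("md5"):]
    return "md5" + md5_hex(body.encode() + salt)


def server_check_md5_auth(stored: str, salt: bytes, response: str) -> bool:
    """Server side of 'md5': recompute the expected response from pg_authid and compare."""
    return md5_auth_response(stored, salt) == response


def server_check_password_auth(stored: str, username: str, sent_password: str) -> bool:
    """Server side of 'password' auth against an md5-stored verifier: the client sends the
    plaintext password (protected only by the SSL tunnel) and the server hashes it with the
    username and compares. The sender must know a preimage of the stored hash."""
    return stored_md5_verifier(sent_password, username) == stored


def attacker_with_stolen_hash(stored: str, username: str, salt: bytes) -> dict:
    """Attacker holds the pg_authid contents (say, from a backup tape) but not the password.
    Returns whether each authentication method lets them in."""
    # 'md5': the stolen verifier is all the client-side computation needs.
    md5_login = server_check_md5_auth(stored, salt, md5_auth_response(stored, salt))
    # 'password': without reversing the hash, the best they can do is replay the
    # stolen string as if it were the password, which does not verify.
    password_login = server_check_password_auth(stored, username, stored)
    return {"md5_auth_login": md5_login, "password_auth_login": password_login}


if __name__ == "__main__":
    verifier = stored_md5_verifier(PASSWORD, USERNAME)
    salt = b"\x01\x02\x03\x04"  # constructed server salt; the real one is random per session
    print(attacker_with_stolen_hash(verifier, USERNAME, salt))
```

The legitimate user still authenticates under both methods with the real password, which is what the last assertion below checks. The asymmetry is why Heikki calls 'password' over SSL marginally stronger than 'md5' when the hash store itself is the thing that leaks, and why the per-user storage-format control Stephen asks for matters once SCRAM verifiers (where a stolen verifier does not let the holder impersonate the client) are available.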