On Tue, Apr 11, 2017 at 02:53:24PM +0200, Álvaro Hernández Tortosa wrote: > Let's put ourselves on the foot of potential users. Why would anyone > want to use SCRAM? What for? The hashing mechanism is better, no question. > And bring some added benefits, true. So its "better". But the real gain > comes from using channel binding, which avoids impersonation, MITM attacks. > This is the deal breaker. SCRAM without channel binding is like Coke Zero > without caffeine and mixed with water. Don't get me wrong, the work behind > is great. > > But just a bit more is needed to make it really a big announcement and > provide real value to (I guess, mostly but very interesting) enterprise > customers, for which MITM and impersonating are big things. The good news is > that adding channel binding is like inverse Paretto: a 20% of extra effort > (I bet significantly less) leads to 80% improvement.
I don't see why channel binding is a big deal for enterprises because I assume they are already using SSL: https://en.wikipedia.org/wiki/Salted_Challenge_Response_Authentication_Mechanism#Channel_binding I think the big win for SCRAM is the inability to replay md5 packets after recording 16k sessions (salt was only 32-bit, so a 50% chance of replay after 16 sessions), and storage of SHA256 hashes instead of MD5 in pg_authid, though the value of that is mostly a check-box item because collisions are not a problem for the way we use MD5. -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers