Bruce, * Bruce Momjian (br...@momjian.us) wrote: > On Tue, Apr 11, 2017 at 02:53:24PM +0200, Álvaro Hernández Tortosa wrote: > > Let's put ourselves on the foot of potential users. Why would anyone > > want to use SCRAM? What for? The hashing mechanism is better, no question. > > And bring some added benefits, true. So its "better". But the real gain > > comes from using channel binding, which avoids impersonation, MITM attacks. > > This is the deal breaker. SCRAM without channel binding is like Coke Zero > > without caffeine and mixed with water. Don't get me wrong, the work behind > > is great. > > > > But just a bit more is needed to make it really a big announcement and > > provide real value to (I guess, mostly but very interesting) enterprise > > customers, for which MITM and impersonating are big things. The good news is > > that adding channel binding is like inverse Paretto: a 20% of extra effort > > (I bet significantly less) leads to 80% improvement. > > I don't see why channel binding is a big deal for enterprises because I > assume they are already using SSL:
Channel binding should be used with SSL to ensure that there is no man-in-the-middle attack being performed. It's necessary when the end-points aren't performing full, mutual, certificate-based verification. > I think the big win for SCRAM is the inability to replay md5 packets > after recording 16k sessions (salt was only 32-bit, so a 50% chance of > replay after 16 sessions), and storage of SHA256 hashes instead of MD5 > in pg_authid, though the value of that is mostly a check-box item > because collisions are not a problem for the way we use MD5. There are a lot of wins to having SCRAM implemented. I disagree strongly that securing PG from attacks based on latent information gathering (backups which include pg_authid) is just a "check-box" item. Thanks! Stephen
signature.asc
Description: Digital signature
