> I think it is. From a security point of view, the fact that the same
> salt is always used for the same username is a weakness of md5
> authentication which SCRAM corrects.
In my understanding, md5 does not always use the same salt for the
same username. PostgreSQL keeps md5(password+username) in
pg_authid. When md5 auth is required, the backend sends a random
number (i.e. salt) to the client. The client replies back
md5(salt+md5(password+username)) to the backend. The backend does the
calculation (md5(salt+md5(password+username))). If the result matches
the value sent from the user, md5 authentication succeeds.
So the salt is differ in each session in md5.
The weakness in md5 is , IMO, each PostgreSQL installation always
keeps the same value (md5(password+username)).
> IIUC, things will get even worse once channel binding is committed,
> presumably for PostgreSQL 11. The point of channel binding is to
> guarantee that you are conducting the authentication exchange with the
> target server, not some intermediate proxy that might be conducting a
> hostile MITM attack. pgpool may not be a hostile attack, but it is
> acting as a MITM, and channel binding is going to figure that out and
> fail the authentication. So unless I'm misunderstanding, the solution
> you are proposing figures to have a very limited shelf life.
SRA OSS, Inc. Japan
Sent via pgsql-hackers mailing list (firstname.lastname@example.org)
To make changes to your subscription: