Re: Rejecting weak passwords
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Mark Mielke <mark@mark.mielke.cc>, Dave Page <dpage@pgadmin.org>, Kevin Grittner <Kevin.Grittner@wicourts.gov>, Andrew Dunstan <andrew@dunslane.net>, Marko Kreen <markokr@gmail.com>, Magnus Hagander <magnus@hagander.net>, Greg Stark <gsstark@mit.edu>, Bruce Momjian <bruce@momjian.us>, pgsql-hackers <pgsql-hackers@postgresql.org>, mlortiz <mlortiz@uci.cu>, Albe Laurenz <laurenz.albe@wien.gv.at>
Date: 2009-10-15T17:43:51Z
Lists: pgsql-hackers
Robert Haas <robertmhaas@gmail.com> writes: > If we were using some kind of real public key system and someone > suggested breaking it to add password complexity checking, I would > understand the outrage here. But I don't understand why everyone is > so worked up about having an *optional* *flag* to force plaintext > instead of MD5. I might be wrong here, but can't a determined > attacker brute-force an MD5 anyway? The very fact that people are > suggesting that password checking might be feasible even on a > pre-MD5'd password by using a dictionary suggests that we're not > getting a whole lot of real security here. And even if not, dude, > it's an *optional* *flag*. Yes, and it's an optional flag that could perfectly well be implemented in the plugin that I think we do have consensus to add a hook for. The argument is over why do we need to litter the core system with it. regards, tom lane