Re: Password identifiers, protocol aging and SCRAM protocol

Victor Wagner <vitus@wagner.pp.ru>

From: Victor Wagner <vitus@wagner.pp.ru>
To: PostgreSQL mailing lists <pgsql-hackers@postgresql.org>
Date: 2016-11-09T06:59:27Z
Lists: pgsql-hackers
On Wed, 9 Nov 2016 15:23:11 +0900
Michael Paquier <michael.paquier@gmail.com> wrote:


> 
> (This is about patch 0007, not 0001)
> Thanks, you are right. That's not good as-is. So this basically means
> that the characters here should be from 32 to 127 included.

Really, most important is to exclude comma from the list of allowed
characters. And this prevents us from using a range.

I'd do something like:

char prinables="0123456789ABCDE...xyz!@#*&+";
unsigned int r;

for (i=0;i<SCRAM_NONCE_SIZE;i++) {
     pg_strong_random(&r,sizeof(unsigned int))
     nonce[i]=printables[r%(sizeof(prinables)-1)]
     /* -1 is here to exclude terminating zero byte*/
}
    

> generate_nonce needs just to be made smarter in the way it selects the
> character bytes.



Commits

  1. Support SCRAM-SHA-256 authentication (RFC 5802 and 7677).

  2. Refactor SHA2 functions and move them to src/common/.

  3. Replace isMD5() with a more future-proof way to check if pw is encrypted.

  4. Remove bogus notice that older clients might not work with MD5 passwords.

  5. Refactor the code for verifying user's password.

  6. Replace PostmasterRandom() with a stronger source, second attempt.

  7. Remove support for (insecure) crypt authentication.