Re: Possible to store invalid SCRAM-SHA-256 Passwords

Stephen Frost <sfrost@snowman.net>

From: Stephen Frost <sfrost@snowman.net>
To: raf@raf.org
Cc: pgsql-bugs@lists.postgresql.org
Date: 2019-04-23T14:42:00Z
Lists: pgsql-bugs
Greetings,

* raf@raf.org (raf@raf.org) wrote:
> Stephen Frost wrote:
> > I agree we should also handle md5 better.  I realize this needs to be
> > back-patched and so we have to deal with the existing catalog structure,
> > but this really screams out, in my mind anyway, that we shouldn't have
> > ever tried to just stash the password-encoding-type into the password
> > field and that we should have pulled it out into its own column, so that
> > we aren't having to guess about things as important as a password.
> 
> I don't think there's anything wrong with prefixing a
> password hash with an identifier for the password
> hashing scheme (and any parameters for that scheme).
> This is done all the time in many systems. It just has
> to be unambiguoous.

There isn't a way to make it unambiguous given that we accept
more-or-less anything as a plaintext password though, that would be the
issue here..

Thanks!

Stephen

Commits

  1. Fix detection of passwords hashed with MD5

  2. Fix detection of passwords hashed with MD5 or SCRAM-SHA-256