Re: Password identifiers, protocol aging and SCRAM protocol
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: David Steele <david@pgmasters.net>
Cc: Robert Haas <robertmhaas@gmail.com>,
Michael Paquier <michael.paquier@gmail.com>,
David Fetter <david@fetter.org>,
Alvaro Herrera <alvherre@2ndquadrant.com>,
Magnus Hagander <magnus@hagander.net>,
Peter Eisentraut <peter.eisentraut@2ndquadrant.com>,
Heikki Linnakangas <hlinnaka@iki.fi>,
Julian Markwort <julian.markwort@uni-muenster.de>,
Stephen Frost <sfrost@snowman.net>,
PostgreSQL mailing lists <pgsql-hackers@postgresql.org>,
Valery Popov <v.popov@postgrespro.ru>
Date: 2016-07-21T17:31:30Z
Lists: pgsql-hackers
David Steele <david@pgmasters.net> writes: > On 7/21/16 12:19 PM, Robert Haas wrote: >> On Wed, Jul 20, 2016 at 7:42 PM, Michael Paquier >> <michael.paquier@gmail.com> wrote: >>>> People have, in the past, expressed concerns about linking in >>>> pgcrypto. Apparently, in some countries, it's a legal problem. >>> Do you have any references? I don't see that as a problem. >> I don't have a link to previous discussion handy, but I definitely >> recall that it's been discussed. I don't think that would mean that >> libpgcrypto couldn't depend on libpgcommon, but the reverse direction >> would make libpgcrypto essentially mandatory which I don't think is a >> direction we want to go for both technical and legal reasons. > I searched a few different ways and finally came up with this post from Tom: > https://www.postgresql.org/message-id/11392.1389991321@sss.pgh.pa.us > It's the only thing I could find, but thought it might jog something > loose for somebody else. Way back when, like fifteen years ago, there absolutely were US export control restrictions on software containing crypto. I believe the US has figured out that that was silly, but I'm not sure everyplace else has. (And if you've been reading the news you will notice that legal restrictions on crypto are back in vogue, so it would not be wise to assume that the question is dead and buried.) So our project policy since at least the turn of the century has been that any crypto facility has to be in a separable extension, where it would be fairly easy for a packager to delete it if they need to ship a crypto-free version. Note that "crypto" for this purpose generally means reversible encryption; I've never heard that one-way hashes are illegal anywhere. So password hashing such as md5 is fine in core, and a stronger hash would be too. But pulling in pgcrypto lock, stock, and barrel is not OK. regards, tom lane
Commits
-
Support SCRAM-SHA-256 authentication (RFC 5802 and 7677).
- 818fd4a67d61 10.0 landed
-
Refactor SHA2 functions and move them to src/common/.
- 273c458a2b3a 10.0 landed
-
Replace isMD5() with a more future-proof way to check if pw is encrypted.
- dbd69118c05d 10.0 landed
-
Remove bogus notice that older clients might not work with MD5 passwords.
- 7e3ae5455948 9.2.20 landed
- 470af1f41c8b 9.3.16 landed
- ada2cdb61015 9.4.11 landed
- 65a7f190b253 9.5.6 landed
- 7546c135dc30 9.6.2 landed
- 31c54096a18f 10.0 landed
-
Refactor the code for verifying user's password.
- e7f051b8f9a6 10.0 landed
-
Replace PostmasterRandom() with a stronger source, second attempt.
- fe0a0b5993df 10.0 landed
-
Remove support for (insecure) crypt authentication.
- 53a5026b5cb3 8.4.0 cited