Re: Possible to store invalid SCRAM-SHA-256 Passwords

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Stephen Frost <sfrost@snowman.net>
Cc: raf@raf.org, pgsql-bugs@lists.postgresql.org
Date: 2019-04-23T14:55:28Z
Lists: pgsql-bugs
Stephen Frost <sfrost@snowman.net> writes:
> * raf@raf.org (raf@raf.org) wrote:
>> I don't think there's anything wrong with prefixing a
>> password hash with an identifier for the password
>> hashing scheme (and any parameters for that scheme).
>> This is done all the time in many systems. It just has
>> to be unambiguoous.

> There isn't a way to make it unambiguous given that we accept
> more-or-less anything as a plaintext password though, that would be the
> issue here..

In practice, particularly with the extra validation we just added,
it seems vanishingly unlikely that anyone would choose a password
that just happened to look like one of the hashed formats.

If somebody intentionally chooses such a password, well, it's on
their heads whether the outcome is what they want.

			regards, tom lane



Commits

  1. Fix detection of passwords hashed with MD5

  2. Fix detection of passwords hashed with MD5 or SCRAM-SHA-256