Re: SCRAM authentication, take three
Robert Haas <robertmhaas@gmail.com>
From: Robert Haas <robertmhaas@gmail.com>
To: Heikki Linnakangas <hlinnaka@iki.fi>
Cc: Magnus Hagander <magnus@hagander.net>, Noah Misch <noah@leadboat.com>, Michael Paquier <michael.paquier@gmail.com>,
Aleksander Alekseev <a.alekseev@postgrespro.ru>, Alvaro Herrera <alvherre@2ndquadrant.com>,
pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2017-04-07T16:59:17Z
Lists: pgsql-hackers
On Fri, Apr 7, 2017 at 3:59 AM, Heikki Linnakangas <hlinnaka@iki.fi> wrote: > I think the "SCRAM" part is more important than "SHA-256", so -1 on that. I agree. The point here isn't that we're using a better hashing method, even if a lot of people *think* that's the point. The point is we're using a modern algorithm that has nice properties like "you can't impersonate the client by steeling the verifier, or even by snooping the exchange". But "sasl" might be even better. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
Commits
-
Rename "scram" to "scram-sha-256" in pg_hba.conf and password_encryption.
- c727f120ff50 10.0 landed
-
Support SCRAM-SHA-256 authentication (RFC 5802 and 7677).
- 818fd4a67d61 10.0 landed