Re: Password identifiers, protocol aging and SCRAM protocol

Magnus Hagander <magnus@hagander.net>

From: Magnus Hagander <magnus@hagander.net>
To: Michael Paquier <michael.paquier@gmail.com>
Cc: Robert Haas <robertmhaas@gmail.com>, Stephen Frost <sfrost@snowman.net>, David Steele <david@pgmasters.net>, PostgreSQL mailing lists <pgsql-hackers@postgresql.org>, Valery Popov <v.popov@postgrespro.ru>
Date: 2016-03-22T15:41:37Z
Lists: pgsql-hackers
On Tue, Mar 22, 2016 at 2:48 PM, Michael Paquier <michael.paquier@gmail.com>
wrote:

> On Mon, Mar 21, 2016 at 11:07 PM, Robert Haas <robertmhaas@gmail.com>
> wrote:
> > Well, I said before and I'll say again that I don't like the idea of
> > multiple password verifiers.  I think that's an accident waiting to
> > happen, and I'm not prepared to put in the amount of time and energy
> > that it would take to get that feature committed despite not wanting
> > it myself, or for being responsible for it afterwards.  I'd prefer we
> > didn't do it at all, although I'm not going to dig in my heels.  I
> > might be willing to deal with SCRAM itself, but this whole area is not
> > my strongest suit.  So ideally some other committer would be willing
> > to pick this up.
>
> I won't bet my hand on that.
>

In principle I'd be happy to look at it, but I doubt that I will have
enough time to get it done within this CF unfortunately. Thus I'd rather
not commit to doing it.. It kind of fell off my radar too long ago, as I
was originally planning to look at it back in the autumn, but failed.

So basically, if somebody else has the cycles to do it in time for 9.6,
please do.


I have marked the patch as returned with feedback.
>
>
Yeah, unfortunately I think that's probably right. Let's focus on things
that have a better chance of making it.

-- 
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

Commits

  1. Support SCRAM-SHA-256 authentication (RFC 5802 and 7677).

  2. Refactor SHA2 functions and move them to src/common/.

  3. Replace isMD5() with a more future-proof way to check if pw is encrypted.

  4. Remove bogus notice that older clients might not work with MD5 passwords.

  5. Refactor the code for verifying user's password.

  6. Replace PostmasterRandom() with a stronger source, second attempt.

  7. Remove support for (insecure) crypt authentication.