Re: A stab at implementing better password hashing, with mixed results
Alastair Turner <bell@ctrlf5.co.za>
From: Alastair Turner <bell@ctrlf5.co.za>
To: PostgreSQL hackers <pgsql-hackers@postgresql.org>
Date: 2012-12-28T18:25:53Z
Lists: pgsql-hackers
On Thu, Dec 27, 2012 at 5:39 PM, Peter Bex <Peter.Bex@xs4all.nl> wrote: > On Thu, Dec 27, 2012 at 12:31:08PM -0300, Claudio Freire wrote: >> On Thu, Dec 27, 2012 at 11:46 AM, Peter Bex <Peter.Bex@xs4all.nl> wrote: >> > >> > Implementing a more secure challenge-response based algorithm means >> > a change in the client-server protocol. Perhaps something like SCRAM >> > (maybe through SASL) really is the way forward for this, but that >> > seems like quite a project and it seems to dictate how the passwords are >> > stored; it requires a hash of the PBKDF2 algorithm to be stored. >> >> It would be nonsense to do it in any other way... protecting the >> password store and not the exchange would just shift the weak spot. > > Yeah, that's why I was being rather pessimistic about the patch I posted. > However, SCRAM will only protect the password; SSL is still required > to protect against connection hijacking. > The thread that ended with http://archives.postgresql.org/message-id/5086CB7A.5040406@gmx.net also tended towards SASL and SCRAM as the best direction for developing password and GSSAPI/Kerberos authentication.