Just to make it clear:
- I don't recommend storing the password in cleartext
- I *do* recommend exchanging the password in cleartext over the network

This is because the exchange network protocol is vulnerable to "pass the hash" - so somebody who has your pg_shadow but can't crack your password can still use the hash to login.

In the thread it was pointed out that the network protocol is vulnerable to session hijacking.

Additionally, the challenge-response protocol is vulnerable to extremely fast password searches.

This is just another broken ad-hoc challenge-response protocol to be added to the heap.

If anyone from postgres is interested in putting a network-compatible fix for password hashing in, feel free to contact me.

On 4 March 2015 at 12:09, Michael Samuel <m...@miknet.net> wrote:
> Hi,
>
> On 4 March 2015 at 12:03, Aaron Zauner <a...@azet.org> wrote:
>>> Uh, no, using 'password' is far worse, and uniformly so, than using md5.
>>> I have no idea why anyone would think it's better to store a cleartext
>>> version of your password in the pg_authid data (note that pg_shadow is
>>> only a view now, I replaced it long ago when I rewrote the user/group
>>> system to be role-based).
>
> I was referring to the pg_hba.conf setting in my recommendation.
> Using "password" there does not change the stored hash, it only
> changes the network protocol.
>
>> Agreed - most enterprise or cloud deployment I've been involved with
>> use either PKIX or kerberos. This is a good security measure.
>> Replacing MD5 would be nice as well (scrypt, bcrypt?). But I guess a
>> debian bug report is the wrong place to discuss this.
>
> Agree that debian bug is wrong place to discuss fixing password hashing.
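The following is an added illustration, not part of the thread and not PostgreSQL's own code, of the "pass the hash" property described above. It follows PostgreSQL's documented md5 method: the stored verifier is md5(password || username) and the wire response is md5(verifier_hex || salt), so the response can be produced from the stored verifier without ever knowing the password. Function names and the sample credentials are mine.

```python
import hashlib
import os

def pg_md5_verifier(password: str, username: str) -> str:
    """Verifier PostgreSQL stores for an 'md5' role: 'md5' + hex(md5(password || username)).
    The only salt is the username, which is why the stored hash can be searched so fast."""
    return "md5" + hashlib.md5((password + username).encode()).hexdigest()

def pg_md5_response_from_verifier(verifier: str, salt: bytes) -> str:
    """Wire response to an AuthenticationMD5Password challenge:
    'md5' + hex(md5(hex(md5(password || username)) || salt)).
    The inner hash is exactly the stored verifier minus its 'md5' prefix,
    so this needs the verifier, never the password."""
    inner = verifier[len("md5"):]
    return "md5" + hashlib.md5(inner.encode() + salt).hexdigest()

def pg_md5_response_from_password(password: str, username: str, salt: bytes) -> str:
    """What a legitimate client that knows the password sends."""
    return pg_md5_response_from_verifier(pg_md5_verifier(password, username), salt)

def server_accepts(verifier: str, salt: bytes, response: str) -> bool:
    """Server side: recompute from the stored verifier and compare."""
    return pg_md5_response_from_verifier(verifier, salt) == response

def verifier_is_password_equivalent(password: str, username: str, salt: bytes) -> bool:
    """Defender's check: does the stored verifier alone satisfy the server?
    True means a leak of pg_authid (or the pg_shadow view) must be handled like
    a leak of the password itself, whether or not the hash is ever cracked."""
    verifier = pg_md5_verifier(password, username)
    from_pw = pg_md5_response_from_password(password, username, salt)
    from_verifier = pg_md5_response_from_verifier(verifier, salt)
    return from_pw == from_verifier and server_accepts(verifier, salt, from_verifier)

if __name__ == "__main__":
    # Constructed sample credentials; the salt models the 4 random bytes the server sends.
    salt = os.urandom(4)
    print(verifier_is_password_equivalent("correct horse", "alice", salt))  # True
```

The random salt only prevents replay of a captured response; it does nothing against someone holding the verifier, which is what a network-compatible replacement for this method has to fix.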