public inbox for [email protected]  
From: Shay Rojansky <[email protected]>
To: Peter Eisentraut <[email protected]>
Cc: [email protected]
Subject: Re: Update encryption options doc for SCRAM-SHA-256
Date: Sat, 3 Feb 2018 09:55:59 -0800
Message-ID: <CADT4RqAGnex7B-eqv5ZzTaD6S22HcypzqsXa_GegRMo3343QGA@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
	<[email protected]>

Thanks for your attention to this.

I'm definitely not a cryptography expert, but it seems to me that the
actual mechanisms (MD5, SHA-256) are more important than the protocols used
to negotiate them (SASL, SCRAM). When some security expert unfamiliar with
PostgreSQL goes over its documentation to determine whether it's secure, I
think it's important to make sure that the word SHA-256 is actually there.

On Sat, Feb 3, 2018 at 8:30 AM, Peter Eisentraut <[email protected]> wrote:

> On 2/2/18 18:42, PG Doc comments form wrote:
> > The following documentation comment has been logged on the website:
> >
> > Page: https://www.postgresql.org/docs/10/static/encryption-options.html
> > Description:
> >
> > Section "18.8. Encryption Options" only mentions MD5 as the password storage
> > encryption mechanism, although PostgreSQL 10 introduced the superior SHA256
> > - somebody looking at the docs would get a bad idea of PostgreSQL's
> > capabilities...
>
> I propose the attached patch.  I have combined the password storage and
> password transmission items, because I don't want to go into the details
> of how SCRAM works on the wire.
>
> --
> Peter Eisentraut              http://www.2ndQuadrant.com/
> PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
>

