Date: Sun, 12 Jan 2025 18:37:29 -0500
From: Bruce Momjian
To: Tom Lane
Cc: "Peter J. Holzer", pgsql-general@postgresql.org
Subject: Re: Automatic upgrade of passwords from md5 to scram-sha256
References: <20250112222828.b36hpzm3ulfzlkws@hjp.at> <372571.1736722760@sss.pgh.pa.us>
In-Reply-To: <372571.1736722760@sss.pgh.pa.us>

On Sun, Jan 12, 2025 at 05:59:20PM -0500, Tom Lane wrote:
> > If the password for the user is stored as an MD5 hash, the server
> > replies to the startup message with an AuthenticationCleartextPassword
> > response to force the client to send the password in the clear
> > (obviously you only want to do that if the connection is TLS-encrypted
> > or otherwise safe from eavesdropping).
>
> I think this idea is a nonstarter, TLS or not. We're generally moving
> in the direction of never letting the server see cleartext passwords.
> It's already possible to configure libpq to refuse such requests
> (see require_auth parameter), although that hasn't been made the
> default.

Agreed. I think weakening the MD5 handshake to switch to a more secure
hash algorithm is unwise.

--
  Bruce Momjian                            https://momjian.us
  EDB                                      https://enterprisedb.com

  Do not let urgent matters crowd out time for investment in the future.
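As an added example (not part of the thread and not anyone's posted code), this is the defender-side migration path that avoids the cleartext round trip the proposal relies on: audit which login roles still carry MD5 hashes in pg_authid, make sure new verifiers are stored as SCRAM-SHA-256, and have the affected users reset their passwords; the role name app_user is a placeholder.

```sql
-- 1. Audit: which login roles still have MD5 hashes?
--    PostgreSQL stores MD5 hashes as 'md5' + 32 hex chars and SCRAM
--    verifiers as 'SCRAM-SHA-256$...' in pg_authid.rolpassword.
--    Reading pg_authid requires superuser privileges.
SELECT rolname,
       CASE
         WHEN rolpassword IS NULL                THEN 'no password'
         WHEN rolpassword LIKE 'md5%'            THEN 'md5'
         WHEN rolpassword LIKE 'SCRAM-SHA-256$%' THEN 'scram-sha-256'
         ELSE 'other'
       END AS hash_type
FROM pg_authid
WHERE rolcanlogin
ORDER BY rolname;

-- 2. Store every new or reset password as a SCRAM verifier, server-wide.
--    Takes effect for new sessions after the reload; existing MD5 hashes
--    are NOT converted, because a SCRAM verifier needs the cleartext.
ALTER SYSTEM SET password_encryption = 'scram-sha-256';
SELECT pg_reload_conf();

-- 3. Re-hash a role at password-reset time. The user supplies the new
--    password once, deliberately, rather than the server coaxing the old
--    one out of the client during login. In psql prefer the \password
--    meta-command, which computes the SCRAM verifier client-side so the
--    cleartext never appears in server logs.
SET password_encryption = 'scram-sha-256';
ALTER ROLE app_user PASSWORD 'new-password-chosen-by-the-user';  -- placeholder

-- 4. Re-run step 1; once no 'md5' rows remain, switch the pg_hba.conf
--    method from md5 to scram-sha-256, and let libpq clients opt out of
--    weaker requests with require_auth=scram-sha-256 in their conninfo.
```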