Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cmptG-0007z1-EV for pgsql-hackers@arkaria.postgresql.org; Sat, 11 Mar 2017 22:53:34 +0000 Received: from localhost ([127.0.0.1] helo=postgresql.org) by malur.postgresql.org with smtp (Exim 4.84_2) (envelope-from ) id 1cmptF-0004r3-Uj for pgsql-hackers@arkaria.postgresql.org; Sat, 11 Mar 2017 22:53:33 +0000 Received: from makus.postgresql.org ([2001:4800:1501:1::229]) by malur.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1cmprm-0002FE-7r for pgsql-hackers@postgresql.org; Sat, 11 Mar 2017 22:52:02 +0000 Received: from 104-190-1-44.lightspeed.sndgca.sbcglobal.net ([104.190.1.44] helo=joeconway.com) by makus.postgresql.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cmprf-0000tw-8V for pgsql-hackers@postgresql.org; Sat, 11 Mar 2017 22:52:00 +0000 Received: from [72.214.29.243] (account jconway@joeconway.com HELO [192.168.4.41]) by joeconway.com (CommuniGate Pro SMTP 6.1.4) with ESMTPSA id 18089542; Sat, 11 Mar 2017 14:51:53 -0800 Subject: Re: Changing references of password encryption to hashing To: Michael Paquier , PostgreSQL mailing lists References: From: Joe Conway Openpgp: id=4EA5B4659ED59CC9538139A5332B7E68B699434A Message-ID: <036316d5-a707-3f26-2ad2-8a63a8ff3f5f@joeconway.com> Date: Sat, 11 Mar 2017 14:51:52 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="HK0KgaKrj1e1BhgboBc3HVfhinHDocpiC" X-Pg-Spam-Score: -0.9 (/) List-Archive: List-Help: List-ID: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: X-Mailing-List: pgsql-hackers Precedence: bulk Sender: pgsql-hackers-owner@postgresql.org This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --HK0KgaKrj1e1BhgboBc3HVfhinHDocpiC From: Joe Conway To: Michael Paquier , PostgreSQL mailing lists Message-ID: <036316d5-a707-3f26-2ad2-8a63a8ff3f5f@joeconway.com> Subject: Re: [HACKERS] Changing references of password encryption to hashing References: In-Reply-To: Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 On 03/09/2017 06:16 PM, Michael Paquier wrote: > As discussed here: > https://www.postgresql.org/message-id/98cafcd0-5557-0bdf-4837-0f2b7782d0b= 5@joeconway.com > We are using in documentation and code comments "encryption" to define > what actually is hashing, which is confusing. >=20 > Attached is a patch for HEAD to change the documentation to match hashing. >=20 > There are a couple of things I noticed on the way: > 1) There is the user-visible PQencryptPassword in libpq, which > actually hashes the password, and not encrypts it :) > 2) There is as well pg_md5_encrypt() in the code, as well as there is > pg_md5_hash(). Those may be better if renamed, at least I would think > that pg_md5_encrypt should be pg_md5_password_hash, because a salt is > used as well, and the routine is dedicated to work on passwords. > Thoughts? > 3) createuser also has --encrypt and --unencrypted, perhaps those > should be renamed? Honestly I don't really think that this is worth a > breakage and the option names match with the SQL commands. My opinion is that the user visible aspects of this should be deprecated and correct syntax provided. But perhaps that is overkill. 8<------------ key and server key, respectively, in hexadecimal format. A password that - does not follow either of those formats is assumed to be unencrypted. + does not follow either of those formats is assumed to be in plain format, + non-hashed. 8<------------ I think here, instead of "in plain format, non-hashed" it is ok to just say "cleartext" or maybe "plaintext". Whichever is picked, it should be used consistently. 8<------------ - To prevent unencrypted passwords from being sent across the network, + To prevent non-hashed passwords from being sent across the network, 8<------------ same here "non-hashed" =3D=3D> "cleartext" 8<------------ - Caution must be exercised when specifying an unencrypted password + Caution must be exercised when specifying a non-hashed password 8<------------ and here ...etc... Joe --=20 Crunchy Data - http://crunchydata.com PostgreSQL Support for Secure Enterprises Consulting, Training, & Open Source Development --HK0KgaKrj1e1BhgboBc3HVfhinHDocpiC Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJYxH+JAAoJEDfy90M199hl3u4P/23bLgPf7fxApaAZaY2EEY9P 8sGg/uPCRxXnnr3FZwHsl/mNJhTZYIsv+pasiJIWQ41rOGWsuWNm3cjdvTjQG1Ct EF/XYn1c9kRTSrF3ygpCaRaBaqfU9+Xa3pwlwvltqC77ZJjeBFwfImZ98PfAALgk kskfCC8gzytGHaIASWd0GpSTMKgaPArPGFBHukDmZomLEArYKQDrm9Cxdu1gyyZ3 hhI22pCrNMgTlIkjkLue5UFan0afOGZqpmm2qnMwHmTTLqcrFzrbUHd7mZ6YftfQ AlniUWLyEnehMBFAJ4v3pD1gi9ixpj5ISn5wwAuTNXOw7iXDfI0eIdQnCVp8OjYy wVjvBgZ5riPpe9cLaX8ypVOBod8a7nz2UYiBX6KzN14fu4RL2tR2PTRFkCmx2Euh HTO+2QmSnksZyrQ1I5C89d5t80OMQ7prf8/wd3FkvPfbWUbJ7U7aKNPTHpqW66ai xgT8NapNUmkw74wTjDcGA2Tk8nDurrAtLZBJWskhJILnPyJuQdE8EOGG/4ZA1uYB DlMEs6HJjIpx6Nh5ORdDJK6aTQXO4ByImIMhKYIPh3vYIuf5pEYAEsaokCiFfA0m ORAfQEABpzhUAye7DIHtw8CYwthTjAU4OhW6Cpl583nGXfdf0o+3cIvBOD6OEF1R pgz6M+a78AF4itiOn4YV =xDGm -----END PGP SIGNATURE----- --HK0KgaKrj1e1BhgboBc3HVfhinHDocpiC--