Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nOnnK-00073z-PA for pgsql-hackers@arkaria.postgresql.org; Mon, 28 Feb 2022 21:43:02 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1nOnnI-0002Nc-NC for pgsql-hackers@arkaria.postgresql.org; Mon, 28 Feb 2022 21:43:00 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nOnnI-0002Mg-DH for pgsql-hackers@lists.postgresql.org; Mon, 28 Feb 2022 21:43:00 +0000 Received: from tamriel.snowman.net ([70.109.60.50]) by magus.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1nOnnF-0000HR-6F for pgsql-hackers@lists.postgresql.org; Mon, 28 Feb 2022 21:42:59 +0000 Received: by tamriel.snowman.net (Postfix, from userid 1000) id B5A625F7A2; Mon, 28 Feb 2022 16:42:55 -0500 (EST) Date: Mon, 28 Feb 2022 16:42:55 -0500 From: Stephen Frost To: Tom Lane Cc: Jeff Davis , samay sharma , pgsql-hackers@lists.postgresql.org Subject: Re: Proposal: Support custom authentication methods using hooks Message-ID: <20220228214255.GO10577@tamriel.snowman.net> References: <1737574.1645753674@sss.pgh.pa.us> <54dc198b56a87e31e9625405383f04a8c6589b8b.camel@j-davis.com> <1905579.1645810764@sss.pgh.pa.us> <2718414dc095b716e59e126c03af343997d14c7b.camel@j-davis.com> <1980351.1645816239@sss.pgh.pa.us> <9004b18218eae293f1ee888e49d13d8a6b02810d.camel@j-davis.com> <20220228204634.GM10577@tamriel.snowman.net> <2738622.1646083128@sss.pgh.pa.us> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="RL02At1kLqUPtqvA" Content-Disposition: inline In-Reply-To: <2738622.1646083128@sss.pgh.pa.us> User-Agent: Mutt/1.5.24 (2015-08-30) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --RL02At1kLqUPtqvA Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Greetings, * Tom Lane (tgl@sss.pgh.pa.us) wrote: > Stephen Frost writes: > > md5 should be removed. >=20 > Really? I've always thought that the arguments against it were > overblown for our use-case. At any rate, it's likely to be > years before we could practically do that, since it's the best > that older client libraries can manage. Yes, really, it's a known-broken system which suffers from such an old and well known attack that it's been given a name: pass-the-hash. As was discussed on this thread even, just the fact that it's not trivial to break on the wire doesn't make it not-broken, particularly when we use the username (which is rather commonly the same one used across multiple systems..) as the salt. Worse, md5 isn't exactly the pinnacle of hashing techniques around these days. The wiki page goes over it in some detail regarding LM/NTLM which suffers the same problem (and also uses a challenge-response for the over-the-network bits): https://en.wikipedia.org/wiki/Pass_the_hash Further, a whole bunch of effort was put in to get scram support added to the different libraries and language bindings and such, specifically to allow us to get to a point where we can drop md5. Even after it's removed, folks will have 5 years before the release that removes it is the oldest supported release. I don't think we'll somehow get agreement to remove it for v15, so it'll be 5 major versions of overlap (11->15) by the time v16 comes out, and a total of 10 years of support for scram before md5 is gone. That's plenty, it's time to move on. Keeping it around will just push out the point at which everyone will finally be done with it, as there's really only two groups: those who have already moved to scram, and those who won't move until they want to upgrade to a release that doesn't have md5. Thanks, Stephen --RL02At1kLqUPtqvA Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJiHUHfAAoJEO1sijiDR2RVtIAQAMMnVCY3y3fDGZdviXGDKXcN IHqr4jQ/JWhnCY7SA8qZj6xo6cBLz3eSdl9SRGSwFoUvbw6ELIA4xVTLnoWuDBrk e60ks+rNXftN5AFu7fFY5KN2+zCECCdOFQorzZVkpcR5mXN7d8NTcNQuLsQPJVDI KqLHxZE23GKikbM6n4goJnGcOP/iWO2jwV2ziPPjMm3mKenRNpg+DkK55OS7Qmk0 inzmsyZdNH9mu1lxXZYrIm3cM7qY7VujC3JskAkXsLj7l7Z/ST5LLLsL/du7Hdnl 4eJuGEjYaFw/EOjNS6THsm2DNGC+Q4z4QtjWanernbgtp4txv4aZS7WcwucNe4oU 47a9VyYl8pHvIfJpcRTDuDsJPXDY1TK5NoeC80naH3EhqHGPF7bM9TmfHsg9cYeG 0cYrFW/kzYIrfKSQ67/73HThYS0mmYnBiQLbmPW9ebbs/prthrbSLzXXQM9WjCue YJqJzgpyMiMCujqCKV0hotqwqIhy8Dx4y3nNb1C2+a8mPdcd/PYT5hOi5p1d1BTe Ib3YzQEXM5cGEBzeJikYx9eHQb4LKqicCFtazib1h21SWL8hk8/8pRgTyuEQOoQ6 nLa8iPc9V099XjINpRnDUll71Jq6j4k4vy5jQD5CaRJ05qKit4POv4Na7bSPanqk FOW47nnkhn2VhOFzs1dj =3M91 -----END PGP SIGNATURE----- --RL02At1kLqUPtqvA--