Date: Thu, 28 May 2020 12:44:04 -0400
From: Stephen Frost
To: Christoph Berg, Peter Eisentraut, Devrim Gündüz, Craig Ringer, pgsql-pkg-yum
Subject: Re: Can we stop defaulting to 'md5'?
Message-ID: <20200528164404.GA6680@tamriel.snowman.net>
In-Reply-To: <20200528163856.GB107313@msg.df7cb.de>

Greetings,

* Christoph Berg (myon@debian.org) wrote:
> Re: Stephen Frost
> > postgresql.conf alone, but ultimately that's probably going to be up to
> > what Christoph is comfortable with.
>
> Re: Stephen Frost
> > If you leave it as 'md5' in pg_hba.conf, then *that* will do either md5,
> > or scram. If you have 'scram-sha-256' in pg_hba.conf and only an 'md5'
> > password then it breaks.
>
> Fwiw "comfortable" and "it breaks" are the problem here. The whole
> picture is so utterly complicated that I'm still scared from reading
> the docs the first time around the time PG10 came about. In trainings
> I'm still telling people that md5 is the accepted standard because
> there's enough more interesting things to teach about PostgreSQL.

Ah, well, in trainings and talks I'm pushing to completely get rid of
md5 and to only accept using scram. :)

> Why do I have to decide *in pg_hba.conf* which hash algorithm is used?

Where else would you decide..?

> Why can't that just be "password"?

What would that mean?

> The password_encryption GUC should be the only place concerned with
> that, and it should only be used for new passwords. Existing passwords
> should just continue to work. *That* would allow seamless upgrades.

Sure, that'd be nice, but that isn't how it is today. I argued for
similar during the scram implementation, but that's not what ultimately
ended up happening.

> Getting this mess fixed would be good for security because then people
> will likely start using scram.

That's certainly true, though I hope we can convince people to use SCRAM
even given the modest effort required.

The point here though, really, is that *new* installations of PG have
very little reason to not use SCRAM. The question on upgrades is
different, but that can be addressed with pg_upgradecluster, I would
think, without much trouble.

Thanks,

Stephen
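The md5-versus-scram-sha-256 interaction Stephen describes (an `md5` rule in pg_hba.conf accepts either stored password format, a `scram-sha-256` rule rejects a role whose password is still an md5 hash), as an added example that is not part of this thread or of PostgreSQL itself: a small Python checker that parses a pg_hba.conf and reports which rules would lock a role out given its `pg_authid.rolpassword` value. The rule set, role names and hash values below are constructed for illustration.

```python
import re

# Constructed sample pg_hba.conf (not taken from any real system).
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS       METHOD
local   all       all                 peer
host    all       all   127.0.0.1/32  md5
host    all       all   10.0.0.0/8    scram-sha-256
host    all       app   ::1/128       password
"""

def parse_hba(text):
    """Return one dict per rule line; comments and blank lines are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        f = line.split()
        if f[0] == "local":                     # local rules carry no ADDRESS column
            ctype, db, user, address, method = f[0], f[1], f[2], None, f[3]
        else:
            ctype, db, user, address, method = f[:5]
        rules.append({"type": ctype, "database": db, "user": user,
                      "address": address, "method": method})
    return rules

def stored_format(rolpassword):
    """Classify how a role's password verifier is stored in pg_authid."""
    if rolpassword is None:
        return "none"
    if rolpassword.startswith("SCRAM-SHA-256$"):
        return "scram-sha-256"
    if re.fullmatch(r"md5[0-9a-f]{32}", rolpassword):
        return "md5"
    return "unknown"

def login_works(method, fmt):
    """True/False for password-based methods; None for methods not decided here."""
    if method == "md5":            # md5 rule silently negotiates SCRAM for a SCRAM verifier
        return fmt in ("md5", "scram-sha-256")
    if method == "scram-sha-256":  # SCRAM rule needs a SCRAM verifier; an md5 hash breaks
        return fmt == "scram-sha-256"
    if method == "password":       # cleartext on the wire, works against either format
        return fmt in ("md5", "scram-sha-256")
    return None                    # peer, trust, cert, ... do not use the stored verifier

def rules_breaking_role(hba_text, rolpassword):
    """Rules that would reject a login for a role with this stored verifier."""
    fmt = stored_format(rolpassword)
    return [r for r in parse_hba(hba_text) if login_works(r["method"], fmt) is False]
```

On a real cluster, feed it the contents of pg_hba.conf and the result of `SELECT rolpassword FROM pg_authid WHERE rolname = '...'` for each role before switching a rule to scram-sha-256.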