Re: pg_authid.rolpassword format (was Re: [HACKERS] Passwordidentifiers, protocol aging and SCRAM protocol)

From: Stephen Frost
Subject: Re: pg_authid.rolpassword format (was Re: [HACKERS] Password identifiers, protocol aging and SCRAM protocol)
Msg-id: 20161214194141.GU23417@tamriel.snowman.net
In reply to: Re: pg_authid.rolpassword format (was Re: [HACKERS] Password identifiers, protocol aging and SCRAM protocol)  (Heikki Linnakangas <hlinnaka@iki.fi>)
List: pgsql-hackers
* Heikki Linnakangas (hlinnaka@iki.fi) wrote:
> On 14 December 2016 20:12:05 EET, Bruce Momjian <bruce@momjian.us> wrote:
> >On Wed, Dec 14, 2016 at 11:27:15AM +0100, Magnus Hagander wrote:
> >> I would so like to just drop support for plain passwords completely
> >:) But
> >> there's a backwards compatibility issue to think about of course.
> >>
> >> But -- is there any actual usecase for them anymore?
> >
> >I thought we recommended 'password' for SSL connections because if you
> >use MD5 passwords the password text layout is known and that simplifies
> >cryptanalysis.
>
> No, that makes no sense. And whether you use 'password' or 'md5' authentication is a different question than whether
> you store passwords in plaintext or as md5 hashes. Magnus was asking whether it ever makes sense to *store* passwords in
> plaintext.

Right.

> Since you brought it up, there is a legitimate argument to be made that 'password' authentication is more secure than
> 'md5', when SSL is used. Namely, if an attacker can acquire contents of pg_authid e.g. by stealing a backup tape, with
> 'md5' authentication he can log in as any user, using just the stolen hashes. But with 'password', he needs to reverse
> the hash first. It's not a great difference, but it's something.

Tunnelled passwords which are stored as hashes are also well understood
and comparable to SSH with passwords in /etc/passwd.

Storing plaintext passwords has been bad form for just about forever and
I wouldn't be sad to see our support of it go.  At the least, as was
discussed somewhere, but I'm not sure where it ended up, we should give
administrators the ability to control what ways a password can be
stored.  In particular, once a user has migrated all of their users to
SCRAM, they should be able to say "don't let new passwords be in any
format other than SCRAM-SHA-256".

Thanks!

Stephen
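The two points in this exchange, that a stolen pg_authid row in md5 form is itself a usable credential while a SCRAM verifier is a salted, iterated hash that still has to be reversed, and that an administrator should be able to insist on one storage format, can both be checked mechanically. The following is an added example, not code from the thread or from PostgreSQL itself. It assumes the rolpassword text layouts PostgreSQL uses: `md5` followed by 32 hex digits, and `SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>` with base64 fields as introduced in PostgreSQL 10; it skips SASLprep (ASCII passwords only), and the role rows are constructed sample data rather than the contents of any real cluster.

```python
import base64
import hashlib
import hmac
import os
import re

# Assumed pg_authid.rolpassword layouts: "md5" + hex(md5(password || rolname)),
# and PostgreSQL 10's SCRAM-SHA-256$<iter>:<salt>$<StoredKey>:<ServerKey> (base64 fields).
MD5_RE = re.compile(r"^md5[0-9a-f]{32}$")
SCRAM_RE = re.compile(
    r"^SCRAM-SHA-256\$(\d+):([A-Za-z0-9+/=]+)\$([A-Za-z0-9+/=]+):([A-Za-z0-9+/=]+)$"
)


def classify_rolpassword(value):
    """Return 'none', 'md5', 'scram-sha-256' or 'plaintext' for one rolpassword value."""
    if value is None:
        return "none"
    if MD5_RE.match(value):
        return "md5"
    if SCRAM_RE.match(value):
        return "scram-sha-256"
    # Anything that matches neither recognised layout is a plaintext-stored password.
    return "plaintext"


def audit_roles(rows, allowed=("scram-sha-256",)):
    """Roles whose stored secret is in a format outside the allowed set (roles without a password are skipped)."""
    findings = []
    for rolname, rolpassword in rows:
        fmt = classify_rolpassword(rolpassword)
        if fmt != "none" and fmt not in allowed:
            findings.append((rolname, fmt))
    return findings


def _b64(data):
    return base64.b64encode(data).decode("ascii")


def scram_sha256_verifier(password, salt=None, iterations=4096):
    """Build a SCRAM-SHA-256 verifier: RFC 7677 key derivation in PostgreSQL's text layout.
    Simplification: SASLprep is not applied, so only ASCII passwords are used here."""
    if salt is None:
        salt = os.urandom(16)
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()   # what the server keeps for client proofs
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return "SCRAM-SHA-256$%d:%s$%s:%s" % (iterations, _b64(salt), _b64(stored_key), _b64(server_key))


def verify_scram_password(password, verifier):
    """Check a candidate password against a stored verifier by recomputing StoredKey from the salt."""
    m = SCRAM_RE.match(verifier)
    if not m:
        return False
    iterations, salt = int(m.group(1)), base64.b64decode(m.group(2))
    stored_key = base64.b64decode(m.group(3))
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    return hmac.compare_digest(hashlib.sha256(client_key).digest(), stored_key)


# Constructed sample of (rolname, rolpassword) rows; a real audit would read them
# with "SELECT rolname, rolpassword FROM pg_authid" as a superuser.
SAMPLE_ROLES = [
    ("app_scram", scram_sha256_verifier("app-secret", salt=bytes(range(16)))),
    ("legacy_md5", "md5" + hashlib.md5(b"legacy-secret" + b"legacy_md5").hexdigest()),
    ("old_plain", "old-plain-secret"),
    ("replication_nopw", None),
]

if __name__ == "__main__":
    for rolname, fmt in audit_roles(SAMPLE_ROLES):
        print("role %s stores its password as %s; migrate it to SCRAM-SHA-256" % (rolname, fmt))
```

Running the audit on the sample rows reports `legacy_md5` and `old_plain` and says nothing about the SCRAM role or the password-less role. Such a check complements, rather than replaces, a server-side default such as `password_encryption`: that setting governs how a plaintext password supplied in `CREATE ROLE` or `ALTER ROLE` is hashed, whereas the audit finds rows that ended up in an older format by whatever route.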

In pgsql-hackers by date sent:

Previous
From: Heikki Linnakangas
Subject: Re: pg_authid.rolpassword format (was Re: [HACKERS] Password identifiers, protocol aging and SCRAM protocol)
Next
From: "Joshua D. Drake"
Subject: Re: pg_authid.rolpassword format (was Re: [HACKERS] Password identifiers, protocol aging and SCRAM protocol)