Re: Successor of MD5 authentication, let's use SCRAM
| От | Marko Kreen |
|---|---|
| Тема | Re: Successor of MD5 authentication, let's use SCRAM |
| Дата | |
| Msg-id | CACMqXC+d48oYoNaXG5+v9jfRYkkG4gc63TZqMYRLoEMxaKj9pw@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Successor of MD5 authentication, let's use SCRAM (Marko Kreen <markokr@gmail.com>) |
| Список | pgsql-hackers |
On Wed, Oct 10, 2012 at 4:24 PM, Marko Kreen <markokr@gmail.com> wrote: > The SCRAM looks good from the quick glance. SCRAM does have weakness - the info necessary to log in as client (ClientKey) is exposed during authentication process. IOW, the stored auth info can be used to log in as client, if the attacker can listen on or participate in login process. The random nonces used during auth do not matter, what matters is that the target server has same StoredKey (same password, salt and iter). It seems this particular attack is avoided by SRP. This weakness can be seen as feature tho - it can be used by poolers to "cache" auth info and re-connect to server later. They need full access to stored keys still. But it does make it give different security guaratees depending whether SSL is in use or not. -- marko
В списке pgsql-hackers по дате отправления: