Re: [HACKERS] SCRAM in the PG 10 release notes

On 09/12/2017 04:09 AM, Noah Misch wrote:
> On Wed, May 10, 2017 at 10:50:51PM -0400, Bruce Momjian wrote:
>> On Mon, May  1, 2017 at 08:12:51AM -0400, Robert Haas wrote:
>>> On Tue, Apr 25, 2017 at 10:16 PM, Bruce Momjian <bruce@momjian.us> wrote:
>>>> Well, we could add "MD5 users are encouraged to switch to
>>>> SCRAM-SHA-256".  Now whether we want to list this as something on the
>>>> SCRAM-SHA-256 description, or mention it as an incompatibility, or
>>>> under Migration.  I am not clear that MD5 is in such terrible shape that
>>>> this is warranted.
>>>
>>> I think it's warranted.  The continuing use of MD5 has been a headache
>>> for some EnterpriseDB customers who have compliance requirements which
>>> they must meet.  It's not that they themselves necessarily know or
>>> care whether MD5 is secure, although in some cases they do; it's that
>>> if they use it, they will be breaking laws or regulations to which
>>> their business or agency is subject.  I imagine customers of other
>>> PostgreSQL companies have similar issues.  But leaving that aside, the
>>> advantage of SCRAM isn't merely that it uses a better algorithm to
>>> hash the password.  It has other advantages also, like not being
>>> vulnerable to replay attacks.  If you're doing password
>>> authentication, you should really be using SCRAM, and encouraging
>>> people to move to SCRAM after upgrading is a good idea.
>>>
>>> That having been said, SCRAM is a wire protocol break.  You will not
>>> be able to upgrade to SCRAM unless and until the drivers you use to
>>> connect to the database add support for it.  The only such driver
>>> that's part of libpq; other drivers that have reimplemented the
>>> PostgreSQL wire protocol will have to be updated with SCRAM support
>>> before it will be possible to use SCRAM with those drivers.  I think
>>> this should be mentioned in the release notes, too.  I also think it
>>> would be great if somebody would put together a wiki page listing all
>>> the popular drivers and (1) whether they use libpq or reimplement the
>>> wire protocol, and (2) if the latter, the status of any efforts to
>>> implement SCRAM, and (3) if those efforts have been completed, the
>>> version from which they support SCRAM.  Then, I think we should reach
>>> out to all of the maintainers of those driver authors who aren't
>>> moving to support SCRAM and encourage them to do so.
>>
>> I have added this as an open item because we will have to wait to see
>> where we are with driver support as the release gets closer.
> 
> With the release near, I'm promoting this to the regular open issues section.

Thanks.

I updated the list of drivers on the wiki 
(https://wiki.postgresql.org/wiki/List_of_drivers), adding a column for 
whether the driver supports SCRAM authentication. Currently, the only 
non-libpq driver that has implemented SCRAM is the JDBC driver. I 
submitted a patch for the Go driver, but it hasn't been committed yet.

As for a recommendation in the release notes, maybe something like 
"Installations using MD5 authentication are encouraged to switch to 
SCRAM-SHA-256, unless using older client programs or drivers that don't 
support it yet."

- Heikki


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers