Not storing MD5 hashed passwords

Started by Quiroga, Damian, over 10 years ago, 7 messages, general
#1Quiroga, Damian
damian.quiroga@intel.com

Hi,

In case someone knows...

Does postgres support other (stronger) hashing algorithms than MD5 to store the database passwords at disk?
If not, is there any plan to move away from MD5?

Thanks,

Damian

#2John R Pierce
pierce@hogranch.com
In reply to: Quiroga, Damian (#1)
Re: Not storing MD5 hashed passwords

On 10/14/2015 1:31 PM, Quiroga, Damian wrote:

Does postgres support other (stronger) hashing algorithms than MD5 to
store the database passwords at disk?

If not, is there any plan to move away from MD5?

if you can read the password database, you already have superuser access
to the full database.... so what threat does a stronger hash address?

if you need stronger security, don't use passwords, use ssl
certificates, or LDAP, or something.

--
john r pierce, recycling bits in santa cruz

#3Joshua D. Drake
jd@commandprompt.com
In reply to: Quiroga, Damian (#1)
Re: Not storing MD5 hashed passwords

On 10/14/2015 01:31 PM, Quiroga, Damian wrote:

Hi,

In case someone knows...

Does postgres support other (stronger) hashing algorithms than MD5 to
store the database passwords at disk?

No.

If not, is there any plan to move away from MD5?

Not currently although it has been mentioned. However, you can use PAM
or any number of other auth mechanisms to achieve the desired result.

JD

Thanks,

Damian

--
Command Prompt, Inc. - http://www.commandprompt.com/ 503-667-4564
PostgreSQL Centered full stack support, consulting and development.
New rule for social situations: "If you think to yourself not even
JD would say this..." Stop and shut your mouth. It's going to be bad.

--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

#4Jeff Janes
jeff.janes@gmail.com
In reply to: John R Pierce (#2)
Re: Not storing MD5 hashed passwords

On Wed, Oct 14, 2015 at 1:41 PM, John R Pierce <pierce@hogranch.com> wrote:

On 10/14/2015 1:31 PM, Quiroga, Damian wrote:

Does postgres support other (stronger) hashing algorithms than MD5 to
store the database passwords at disk?

If not, is there any plan to move away from MD5?

There are proposals to do so, the most advanced one I know of is with
SCRAM. But I don't think any of them have turned into actual plans yet.
But you are not restricted to PostgreSQL's built in password authentication
methods, you can use its options for PAM, LDAP, RADIUS, GSSAPI, or SSPI, in
which case it doesn't store passwords at all but delegates that to someone
else.

if you can read the password database, you already have superuser access to
the full database

Unless you've captured a backup tape, or scraped some bits off a
not-quite-degaussed-enough discarded hard drive, or any number of other
things that can get you an offline copy of some (or all) of the data, but
doesn't give you live access to the running database (until you hack the
passwords)

Cheers,

Jeff
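The point Jeff makes about offline copies turns on how the stored verifier is built. As an added illustration (not code from this thread or from PostgreSQL itself), the following constructs the two on-disk formats: the MD5 form the thread discusses, which is "md5" followed by hex(md5(password || username)) with the role name as the only salt, and the SCRAM-SHA-256 form that PostgreSQL adopted from version 10 onward, which postdates this thread and embeds a random salt and an iteration count. The role name and password are constructed sample values; `classify_verifier` and `verify_scram` are helper names chosen here, not PostgreSQL APIs.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample role and password (not taken from the thread).
SAMPLE_USER = "app_reader"
SAMPLE_PASSWORD = "correct horse battery staple"


def md5_verifier(username: str, password: str) -> str:
    """Build the verifier PostgreSQL stores for password_encryption = md5:
    "md5" + hex(md5(password || username)). The role name is the only salt,
    so any offline copy of pg_authid can be attacked one fast hash per guess,
    and identical role/password pairs on two servers yield identical strings."""
    digest = hashlib.md5((password + username).encode("utf-8")).hexdigest()
    return "md5" + digest


def scram_sha256_verifier(password: str, salt: Optional[bytes] = None,
                          iterations: int = 4096) -> str:
    """Build a SCRAM-SHA-256 verifier (RFC 5802 / RFC 7677 key derivation) in
    the layout PostgreSQL 10+ stores in pg_authid.rolpassword:
        SCRAM-SHA-256$<iterations>:<salt_b64>$<StoredKey_b64>:<ServerKey_b64>
    A random 16-byte salt is drawn when none is supplied, so the same password
    produces a different verifier every time it is set."""
    if salt is None:
        salt = os.urandom(16)
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations, 32)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()

    def b64(raw: bytes) -> str:
        return base64.b64encode(raw).decode("ascii")

    return (f"SCRAM-SHA-256${iterations}:{b64(salt)}"
            f"${b64(stored_key)}:{b64(server_key)}")


def classify_verifier(stored: str) -> str:
    """Report which scheme a rolpassword string uses. Useful when auditing the
    output of: SELECT rolname, rolpassword FROM pg_authid; to find roles that
    still carry MD5 verifiers after switching password_encryption."""
    if stored.startswith("SCRAM-SHA-256$"):
        return "scram-sha-256"
    if stored.startswith("md5") and len(stored) == 35:
        return "md5"
    return "plaintext-or-unknown"


def verify_scram(stored: str, password: str) -> bool:
    """Recompute StoredKey from a candidate password and the salt/iteration
    count embedded in the verifier, as the server does at the end of a SCRAM
    exchange, and compare in constant time. Malformed input yields False."""
    try:
        mechanism, params, keys = stored.split("$", 2)
        iterations_s, salt_b64 = params.split(":", 1)
        stored_key_b64, _server_key_b64 = keys.split(":", 1)
        iterations = int(iterations_s)
        salt = base64.b64decode(salt_b64)
    except ValueError:
        return False
    if mechanism != "SCRAM-SHA-256":
        return False
    recomputed = scram_sha256_verifier(password, salt, iterations)
    candidate_stored_key = recomputed.split("$", 2)[2].split(":", 1)[0]
    return hmac.compare_digest(candidate_stored_key, stored_key_b64)


if __name__ == "__main__":
    # Setting the same password twice: MD5 is identical, SCRAM differs by salt.
    print("md5  :", md5_verifier(SAMPLE_USER, SAMPLE_PASSWORD))
    print("md5  :", md5_verifier(SAMPLE_USER, SAMPLE_PASSWORD))
    print("scram:", scram_sha256_verifier(SAMPLE_PASSWORD))
    print("scram:", scram_sha256_verifier(SAMPLE_PASSWORD))
```

Running the block shows the practical difference: two MD5 verifiers for the same role and password are byte-identical and cost one MD5 per guess to check, while each SCRAM verifier carries its own salt and 4096 PBKDF2 rounds, which is what makes a captured backup far less useful to whoever holds it.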

#5Quiroga, Damian
damian.quiroga@intel.com
In reply to: Jeff Janes (#4)
Re: Not storing MD5 hashed passwords

Excellent answers. Thanks everyone.

From: pgsql-general-owner@postgresql.org [mailto:pgsql-general-owner@postgresql.org] On Behalf Of Jeff Janes
Sent: Wednesday, October 14, 2015 7:19 PM
To: John R Pierce
Cc: pgsql-general@postgresql.org
Subject: Re: [GENERAL] Not storing MD5 hashed passwords

On Wed, Oct 14, 2015 at 1:41 PM, John R Pierce <pierce@hogranch.com<mailto:pierce@hogranch.com>> wrote:
On 10/14/2015 1:31 PM, Quiroga, Damian wrote:

Does postgres support other (stronger) hashing algorithms than MD5 to store the database passwords at disk?
If not, is there any plan to move away from MD5?

There are proposals to do so, the most advanced one I know of is with SCRAM. But I don't think any of them have turned into actual plans yet. But you are not restricted to PostgreSQL's built in password authentication methods, you can use its options for PAM, LDAP, RADIUS, GSSAPI, or SSPI, in which case it doesn't store passwords at all but delegates that to someone else.

if you can read the password database, you already have superuser access to the full database

Unless you've captured a backup tape, or scraped some bits off a not-quite-degaussed-enough discarded hard drive, or any number of other things that can get you an offline copy of some (or all) of the data, but doesn't give you live access to the running database (until you hack the passwords)

Cheers,

Jeff

#6Michael Paquier
michael@paquier.xyz
In reply to: Jeff Janes (#4)
Re: Not storing MD5 hashed passwords

On Thu, Oct 15, 2015 at 7:19 AM, Jeff Janes <jeff.janes@gmail.com> wrote:

On Wed, Oct 14, 2015 at 1:41 PM, John R Pierce <pierce@hogranch.com> wrote:

On 10/14/2015 1:31 PM, Quiroga, Damian wrote:

Does postgres support other (stronger) hashing algorithms than MD5 to
store the database passwords at disk?

If not, is there any plan to move away from MD5?

There are proposals to do so, the most advanced one I know of is with SCRAM.
But I don't think any of them have turned into actual plans yet.

I would not be so sure, I heard of a patch regarding that for 9.6:
https://commitfest.postgresql.org/6/320/
--
Michael


#7Jeff Janes
jeff.janes@gmail.com
In reply to: Michael Paquier (#6)
Re: Not storing MD5 hashed passwords

On Wed, Oct 14, 2015 at 5:49 PM, Michael Paquier <michael.paquier@gmail.com>
wrote:

On Thu, Oct 15, 2015 at 7:19 AM, Jeff Janes <jeff.janes@gmail.com> wrote:

On Wed, Oct 14, 2015 at 1:41 PM, John R Pierce <pierce@hogranch.com> wrote:

On 10/14/2015 1:31 PM, Quiroga, Damian wrote:

Does postgres support other (stronger) hashing algorithms than MD5 to
store the database passwords at disk?

If not, is there any plan to move away from MD5?

There are proposals to do so, the most advanced one I know of is with SCRAM.
But I don't think any of them have turned into actual plans yet.

I would not be so sure, I heard of a patch regarding that for 9.6:
https://commitfest.postgresql.org/6/320/

Right, that is the proposal I was thinking of. I didn't think it had
enough community consensus yet on that specific design to promote it to a
"plan", though, rather than a proposal. I feel a bit guilty about not
having done more to review it, but it is a pretty intimidating thing to
review for someone not already an expert in the field.

Cheers,

Jeff