crypt auth

Started by Magnus Haganderover 17 years ago6 messageshackers

magnus@hagander.net

over 17 years ago

I notice our docs have:

If you are at all concerned about password
<quote>sniffing</> attacks then <literal>md5</> is preferred, with
<literal>crypt</> to be used only if you must support pre-7.2
clients. Plain <literal>password</> should be avoided especially for

At what point do we just remove the support and say that people need to
upgrade their clients? Sure, it's up to ppl not to configure it that
way, but security-wise it's a foot-gun that I think is completely
unnecessary.

//Magnus

Peter Eisentraut

peter_e@gmx.net

over 17 years ago

In reply to: Magnus Hagander (#1)

Re: crypt auth

Magnus Hagander wrote:

I notice our docs have:

If you are at all concerned about password
<quote>sniffing</> attacks then <literal>md5</> is preferred, with
<literal>crypt</> to be used only if you must support pre-7.2
clients. Plain <literal>password</> should be avoided especially for

At what point do we just remove the support and say that people need to
upgrade their clients? Sure, it's up to ppl not to configure it that
way, but security-wise it's a foot-gun that I think is completely
unnecessary.

AFAICT, removing an authentication method requires a protocol version
bump. If you think it is worth dealing with those complications, then
go for it. I think it might be worth it.

Tom Lane

tgl@sss.pgh.pa.us

over 17 years ago

In reply to: Peter Eisentraut (#2)

Re: crypt auth

Peter Eisentraut <peter_e@gmx.net> writes:

AFAICT, removing an authentication method requires a protocol version
bump.

Why would it require that? There would just be some auth method codes
that remain reserved but aren't used anymore.

regards, tom lane

Peter Eisentraut

peter_e@gmx.net

over 17 years ago

In reply to: Tom Lane (#3)

Re: crypt auth

Tom Lane wrote:

Peter Eisentraut <peter_e@gmx.net> writes:

AFAICT, removing an authentication method requires a protocol version
bump.

Why would it require that? There would just be some auth method codes
that remain reserved but aren't used anymore.

Yeah, I was mistaken. AuthenticationCryptPassword would remain in the
protocol definition, but the server would just never send it.

Magnus Hagander

magnus@hagander.net

over 17 years ago

In reply to: Peter Eisentraut (#4)

Re: crypt auth

Peter Eisentraut wrote:

Tom Lane wrote:

Peter Eisentraut <peter_e@gmx.net> writes:

AFAICT, removing an authentication method requires a protocol version
bump.

Why would it require that? There would just be some auth method codes
that remain reserved but aren't used anymore.

Yeah, I was mistaken. AuthenticationCryptPassword would remain in the
protocol definition, but the server would just never send it.

Since I've seen no actual objections to this happening, I will go ahead
and do it unless someone objects explicitly :-)

//Magnus

Magnus Hagander

magnus@hagander.net

over 17 years ago

In reply to: Magnus Hagander (#1)

Re: crypt auth

Magnus Hagander wrote:

I notice our docs have:

If you are at all concerned about password
<quote>sniffing</> attacks then <literal>md5</> is preferred, with
<literal>crypt</> to be used only if you must support pre-7.2
clients. Plain <literal>password</> should be avoided especially for

At what point do we just remove the support and say that people need to
upgrade their clients? Sure, it's up to ppl not to configure it that
way, but security-wise it's a foot-gun that I think is completely
unnecessary.

Here's a patch that does this. Will apply unless there are objections.

//Magnus

crypt auth

Attachments: