Update encryption options doc for SCRAM-SHA-256

Started by PG Bug reporting form, about 8 years ago. 3 messages, list: docs
#1 PG Bug reporting form
noreply@postgresql.org

The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/10/static/encryption-options.html
Description:

Section "18.8. Encryption Options" only mentions MD5 as the password storage
encryption mechanism, although PostgreSQL 10 introduced the superior SHA256
- somebody looking at the docs would get a bad idea of PostgreSQL's
capabilities...

#2 Peter Eisentraut
peter_e@gmx.net
In reply to: PG Bug reporting form (#1)
Re: Update encryption options doc for SCRAM-SHA-256

On 2/2/18 18:42, PG Doc comments form wrote:

The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/10/static/encryption-options.html
Description:

Section "18.8. Encryption Options" only mentions MD5 as the password storage
encryption mechanism, although PostgreSQL 10 introduced the superior SHA256
- somebody looking at the docs would get a bad idea of PostgreSQL's
capabilities...

I propose the attached patch. I have combined the password storage and
password transmission items, because I don't want to go into the details
of how SCRAM works on the wire.

--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

Attachments:

0001-doc-Update-mentions-of-MD5-in-the-documentation.patch (text/plain; +9 -26)
#3 Shay Rojansky
roji@roji.org
In reply to: Peter Eisentraut (#2)
Re: Update encryption options doc for SCRAM-SHA-256

Thanks for your attention to this.

I'm definitely not a cryptography expert, but it seems to me that the
actual mechanisms (MD5, SHA-256) are more important than the protocols used
to negotiate them (SASL, SCRAM). When some security expert unfamiliar with
PostgreSQL goes over its documentation to determine whether it's secure, I
think it's important to make sure that the word SHA-256 is actually there.

On Sat, Feb 3, 2018 at 8:30 AM, Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote:


On 2/2/18 18:42, PG Doc comments form wrote:

The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/10/static/encryption-options.html
Description:

Section "18.8. Encryption Options" only mentions MD5 as the password storage
encryption mechanism, although PostgreSQL 10 introduced the superior SHA256
- somebody looking at the docs would get a bad idea of PostgreSQL's
capabilities...

I propose the attached patch. I have combined the password storage and
password transmission items, because I don't want to go into the details
of how SCRAM works on the wire.

--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
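The difference the thread is about (message #1's point that PostgreSQL 10 stores SCRAM-SHA-256 verifiers rather than MD5 hashes, and message #3's point that the hash mechanism matters more to a reviewer than the SASL/SCRAM negotiation) can be shown concretely by building both storage formats and classifying what a role's stored value is. The following is an added example, not code from the thread or from the PostgreSQL project. It uses only Python's standard library, follows the verifier layouts PostgreSQL documents (`md5` + hex(md5(password || username)) and `SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>` per RFC 5802/7677), and the sample password, salt and role rows are constructed for the example. The key derivation assumes an ASCII password, so SASLprep normalisation is omitted.

```python
import base64
import hashlib
import hmac
import os
import re

# Constructed sample inputs for the example (not taken from the thread).
SAMPLE_PASSWORD = "correct horse battery staple"
SAMPLE_SALT = bytes(range(16))
DEFAULT_ITERATIONS = 4096  # PostgreSQL's default SCRAM iteration count


def build_md5_verifier(password: str, username: str) -> str:
    """Pre-10 storage format: 'md5' + hex(md5(password || username)).

    One fast, unsalted hash (the role name is the only variation), and the
    stored value is password-equivalent for the md5 wire method, which is
    why the docs should no longer present it as the mechanism."""
    digest = hashlib.md5((password + username).encode("utf-8")).hexdigest()
    return "md5" + digest


def build_scram_verifier(password: str, salt: bytes = None,
                         iterations: int = DEFAULT_ITERATIONS) -> str:
    """PostgreSQL 10+ storage format (RFC 5802 key derivation):
    SCRAM-SHA-256$<iterations>:<b64 salt>$<b64 StoredKey>:<b64 ServerKey>

    Only StoredKey = H(ClientKey) and ServerKey are kept, so the stored
    string alone is not enough to log in, unlike the md5 form."""
    if salt is None:
        salt = os.urandom(16)
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()

    def b64(raw: bytes) -> str:
        return base64.b64encode(raw).decode("ascii")

    return f"SCRAM-SHA-256${iterations}:{b64(salt)}${b64(stored_key)}:{b64(server_key)}"


SCRAM_RE = re.compile(
    r"^SCRAM-SHA-256\$(\d+):([A-Za-z0-9+/=]+)\$([A-Za-z0-9+/=]+):([A-Za-z0-9+/=]+)$"
)


def parse_scram_verifier(verifier: str) -> dict:
    """Split a stored SCRAM-SHA-256 verifier into its fields."""
    match = SCRAM_RE.match(verifier)
    if not match:
        raise ValueError("not a SCRAM-SHA-256 verifier")
    iterations, salt, stored_key, server_key = match.groups()
    return {
        "iterations": int(iterations),
        "salt": base64.b64decode(salt),
        "stored_key": base64.b64decode(stored_key),
        "server_key": base64.b64decode(server_key),
    }


def storage_mechanism(rolpassword) -> str:
    """Classify a pg_authid.rolpassword value for an audit."""
    if rolpassword is None:
        return "none"
    if rolpassword.startswith("SCRAM-SHA-256$"):
        return "scram-sha-256"
    hexpart = rolpassword[3:]
    if rolpassword.startswith("md5") and len(rolpassword) == 35 \
            and all(c in "0123456789abcdef" for c in hexpart):
        return "md5"
    return "other"


def roles_needing_upgrade(rows) -> list:
    """Given (rolname, rolpassword) rows, list roles still on md5 storage."""
    return [name for name, pw in rows if storage_mechanism(pw) == "md5"]


# Constructed rows standing in for "SELECT rolname, rolpassword FROM pg_authid".
SAMPLE_ROLES = [
    ("alice", build_scram_verifier(SAMPLE_PASSWORD, SAMPLE_SALT)),
    ("legacy_app", build_md5_verifier("secret", "legacy_app")),
    ("nopass", None),
]

if __name__ == "__main__":
    for name, pw in SAMPLE_ROLES:
        print(f"{name}: {storage_mechanism(pw)}")
    print("needs upgrade:", roles_needing_upgrade(SAMPLE_ROLES))
```

Running the block against a real `pg_authid` dump (as superuser) turns message #3's concern into a check: any role reported as `md5` still has the old storage format and keeps it until its password is set again with `password_encryption = 'scram-sha-256'` in effect.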