Re: MD5 authentication needs help
From | Bruce Momjian |
---|---|
Subject | Re: MD5 authentication needs help |
Date | |
Msg-id | 20150306230442.GB12967@momjian.us |
In reply to | Re: MD5 authentication needs help (Stephen Frost <sfrost@snowman.net>) |
Replies | Re: MD5 authentication needs help |
List | pgsql-hackers |
On Thu, Mar 5, 2015 at 11:15:55AM -0500, Stephen Frost wrote:
> * Bruce Momjian (bruce@momjian.us) wrote:
> > On Wed, Mar 4, 2015 at 05:56:25PM -0800, Josh Berkus wrote:
> > > So, are we more worried about attackers getting a copy of pg_authid, or
> > > sniffing the hash on the wire?
> >
> > Both. Stephen is more worried about pg_authid, but I am more worried
> > about sniffing.
>
> I'm also worried about both, but if the admin is worried about sniffing
> in their environment, they're much more likely to use TLS than to set up
> client side certificates, kerberos, or some other strong auth mechanism,
> simply because TLS is pretty darn easy to get working and distros set it
> up for you by default.

I think your view might be skewed. I think there are many people who care
about password security who don't care to do TLS.

Also, my suggestion to use a counter for the session salt, to reduce
replay from 16k to 4 billion, has not received any comments, and it does
not break the wire protocol. I feel that is an incremental improvement we
should consider.

I think you are minimizing the downside of your idea using X challenges
instead of 16k challenges to get in. Again, if my idea is valid, it would
be X challenges vs 4 billion challenges.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ Everyone has their own god. +
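As an added illustration of the replay argument in this message (example code written here, not from the thread or from PostgreSQL itself): it computes PostgreSQL's documented md5 challenge-response, shows that the server can check it from the stored pg_authid hash alone, and compares how many sessions pass before a 4-byte salt is issued a second time when salts are drawn at random versus taken from a counter. The role name, password and the random-salt generator are constructed stand-ins; the 16k figure quoted in the message is not derived here.

```python
import hashlib
import random

# Constructed sample role; not taken from the thread.
USER = "alice"
PASSWORD = "constructed-password"

def pg_authid_hash(user: str, password: str) -> str:
    """What pg_authid stores for an md5 role: "md5" + md5(password || username)."""
    return "md5" + hashlib.md5((password + user).encode()).hexdigest()

def md5_response(stored: str, salt: bytes) -> str:
    """Reply to a 4-byte salt challenge: "md5" + md5(inner_hex || salt).
    The server derives the expected value from the stored hash alone, which is
    why a copy of pg_authid is enough to answer the challenge (the pg_authid risk)."""
    return "md5" + hashlib.md5(stored[3:].encode() + salt).hexdigest()

def client_response(user: str, password: str, salt: bytes) -> str:
    """The same computation done by a client that knows the password."""
    return md5_response(pg_authid_hash(user, password), salt)

def random_salts(n: int, seed: int = 0):
    """Stand-in for a server drawing an independent random 4-byte salt per session."""
    rng = random.Random(seed)
    for _ in range(n):
        yield rng.getrandbits(32).to_bytes(4, "big")

def counter_salts(n: int, start: int = 0):
    """The proposal in the message: a 32-bit counter, so no salt recurs until wrap at 2^32."""
    for i in range(start, start + n):
        yield (i & 0xFFFFFFFF).to_bytes(4, "big")

def sessions_until_repeat(salts):
    """Sessions observed before some salt is issued a second time, i.e. the first
    point at which a sniffed (salt, response) pair would be accepted again.
    Returns None if no repeat occurs within the supplied sequence."""
    seen = set()
    for i, salt in enumerate(salts):
        if salt in seen:
            return i
        seen.add(salt)
    return None

if __name__ == "__main__":
    stored = pg_authid_hash(USER, PASSWORD)
    salt = b"\x00\x01\x02\x03"
    print("server and client agree:", md5_response(stored, salt) == client_response(USER, PASSWORD, salt))
    print("random salts, first repeat after:", sessions_until_repeat(random_salts(500_000)))
    print("counter salts, first repeat after:", sessions_until_repeat(counter_salts(500_000)))
```

With random salts the first repeat typically appears after some tens of thousands of sessions (the birthday bound on a 32-bit value); the counter never repeats before it wraps.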