Re: reducing our reliance on MD5

From Álvaro Hernández Tortosa
Subject Re: reducing our reliance on MD5
Date
Msg-id 54DB52FB.4060701@nosys.es
In reply to Re: reducing our reliance on MD5  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
On 11/02/15 02:30, Tom Lane wrote:
> [...]
>
>
> I think it would be wise to take two steps back and think about what
> the threat model is here, and what we actually need to improve.
> Offhand I can remember two distinct things we might wish to have more
> protection against:
>
> * scraping of passwords off the wire protocol (but is that still
> a threat in an SSL world?).  Better salting practice would do more
> than replacing the algorithm as such for this, IMO.
    mitm
    We might consider it our problem or not, but in general terms 
man-in-the-middle attacks, which are easy to implement in many 
scenarios, are a scraping problem. In particular, I have seen tons of 
developers turn off SSL validation during development and not turning 
it back on for production, leaving servers vulnerable to password 
scraping under mitm attacks. So I would always consider hashing anyway.
    SCRAM seems to be a good solution anyway.
    Regards,
    Álvaro
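Added illustration, not part of the thread: a minimal SCRAM-SHA-256 client/server proof computation in Python following RFC 5802, showing that what crosses the wire is a per-session proof rather than the password or a reusable hash. The user name, nonces, salt and iteration count are constructed, and the AuthMessage is a simplified stand-in for the three concatenated SCRAM messages.

```python
import hashlib
import hmac
import secrets

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _keys(password: str, salt: bytes, iterations: int):
    """SaltedPassword -> ClientKey, StoredKey, ServerKey (RFC 5802 section 3)."""
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return client_key, stored_key, server_key

def enroll(password: str, iterations: int = 4096) -> dict:
    """Server-side record: salt, StoredKey, ServerKey. The password itself is not kept."""
    salt = secrets.token_bytes(16)
    _, stored_key, server_key = _keys(password, salt, iterations)
    return {"salt": salt, "iterations": iterations,
            "stored_key": stored_key, "server_key": server_key}

def client_proof(password: str, salt: bytes, iterations: int, auth_message: bytes) -> bytes:
    """ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage); this is what goes on the wire."""
    client_key, stored_key, _ = _keys(password, salt, iterations)
    client_sig = hmac.new(stored_key, auth_message, hashlib.sha256).digest()
    return _xor(client_key, client_sig)

def server_verify(record: dict, auth_message: bytes, proof: bytes) -> bool:
    """Recover ClientKey from the proof and compare its hash against StoredKey."""
    client_sig = hmac.new(record["stored_key"], auth_message, hashlib.sha256).digest()
    client_key = _xor(proof, client_sig)
    return hmac.compare_digest(hashlib.sha256(client_key).digest(), record["stored_key"])

def exchange(client_password: str, record: dict, client_nonce: str, server_nonce: str):
    """One session. Returns (accepted, proof) so the caller can inspect what crossed the wire."""
    # Constructed, simplified AuthMessage: the real one concatenates the client-first,
    # server-first and client-final messages, but its contents (user, nonces, salt,
    # iteration count) are all visible to an eavesdropper in either case.
    auth_message = (f"n=user,r={client_nonce},"
                    f"r={client_nonce}{server_nonce},s={record['salt'].hex()},"
                    f"i={record['iterations']},c=biws,r={client_nonce}{server_nonce}").encode()
    proof = client_proof(client_password, record["salt"], record["iterations"], auth_message)
    return server_verify(record, auth_message, proof), proof
```

A proof captured from one session fails verification under another session's nonces, so eavesdropping on the exchange yields neither the password nor a replayable credential. SCRAM by itself does not stop an active relay of the session; that is what SCRAM's channel binding is for.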
