Re: reducing our reliance on MD5

On 02/11/2015 04:40 PM, Tom Lane wrote:
> José Luis Tallón <jltallon@adv-solutions.net> writes:
>> In any case, just storing the "password BLOB"(text or base64 encoded)
>> along with a mechanism identifier would go a long way towards making
>> this part pluggable... just like we do with LDAP/RADIUS/Kerberos/PAM today.
> That's exactly the direction we must NOT go.
>
> Upgrading the security of stored passwords in pg_authid is at least as
> important as upgrading the wire protocol security; very possibly more so.
> Any solution that requires cleartext passwords to be kept by the server
> is simply not going to be accepted.

I definitively haven't explained myself properly.
I *never* suggested storing plaintext in pg_authid, but using plaintext 
authentication (which can always be matched against an on-disk hash, 
whatever the type) as a fallback to allow for seamless upgrades of security.    (once you are authenticated by using
theold credentials, the 
 
server can transparently store the new hash)

When I referred to a "text or base64 encoded" I never implied on-disk 
plaintext (unless the user specifically requires that, which they might).


To avoid ambiguities, my proposal closely mimicks Dovecot's 
implementation of password schemes and credential upgrades    http://wiki2.dovecot.org/Authentication/PasswordSchemes




Thanks,
    J.L.