SCRAM with channel binding downgrade attack
| От | Peter Eisentraut |
|---|---|
| Тема | SCRAM with channel binding downgrade attack |
| Дата | |
| Msg-id | c273d2ba-9404-7fb7-c045-876dd4a58685@2ndquadrant.com обсуждение исходный текст |
| Ответ на | Re: SCRAM with channel binding downgrade attack (Magnus Hagander <magnus@hagander.net>) |
| Список | pgsql-hackers |
On 6/28/18 09:35, Magnus Hagander wrote: > No, we absolutely still have SCRAM channel binding. > > *libpq* has no way to *enforce* it, meaning it always acts like our > default SSL config which is "use it if available but if it's not then > silently accept the downgrade". From a security perspective, it's just > as bad as our default ssl config, but unlike ssl you can't configure a > requirement in 11. Isn't this similar to what happened whenever we added a new or better password method? A MITM that didn't want to bother cracking MD5 could just alter the stream and request "password" authentication. Same with MD5->SCRAM, SCRAM->SCRAM+CB, and even a hypothetical future change in the SCRAM hashing method. Clearly, we need a more comprehensive solution for this. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
В списке pgsql-hackers по дате отправления: