Home > mailing lists

Re: postmaster.c and random keys/salts - Mailing list pgsql-bugs

From	Bruce Momjian
Subject	Re: postmaster.c and random keys/salts
Date	November 19, 2013 21:25:33
Msg-id	20131119182529.GQ28149@momjian.us Whole thread Raw
In response to	postmaster.c and random keys/salts (Jeffrey Walton <noloader@gmail.com>)
List	pgsql-bugs

Tree view

On Wed, Nov 13, 2013 at 03:23:29AM -0500, Jeffrey Walton wrote:
> The following is used to key a channel (it appears to be used in the
> AUTH_REQ_MD5 in fe-auth.c).
>
> Four bytes is a tad bit small, and time based does not leave much to
> the imagination. Also, it looks like its susceptible to VM roillbacks.

Yes, it is too small.  The odds of salt replay are in the 10k-connection
range.  However, to fix it, we would need a new wire protocol version.
:-(

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + Everyone has their own god. +

pgsql-bugs by date:

From: Tom Lane
Date: 19 November 2013, 20:52:17
Subject: Re: BUG #8605: Regular expression lazy quantification issue

From:
Date: 19 November 2013, 23:13:26
Subject: pg_upgrade fails while attempting to Upgrade from postgreSQL 9.1.10 to PostgreSQL 9.3.0

Re: postmaster.c and random keys/salts - Mailing list pgsql-bugs

Previous

Next