On Thu, Mar 5, 2015 at 11:15:55AM -0500, Stephen Frost wrote:
> * Bruce Momjian (bruce@momjian.us) wrote:
> > On Wed, Mar 4, 2015 at 05:56:25PM -0800, Josh Berkus wrote:
> > > So, are we more worried about attackers getting a copy of pg_authid, or
> > > sniffing the hash on the wire?
> >
> > Both. Stephen is more worried about pg_authid, but I am more worried
> > about sniffing.
>
> I'm also worried about both, but if the admin is worried about sniffing
> in their environment, they're much more likely to use TLS than to set up
> client side certificates, kerberos, or some other strong auth mechanism,
> simply because TLS is pretty darn easy to get working and distros set it
> up for you by default.
I think your view might be skewed. I think there many people who care
about password security who don't care to do TLS.
Also, my suggestion to use a counter for the session salt, to reduce
replay from 16k to 4 billion, has not received any comments, and it does
not break the wire protocol. I feel that is an incremental improvement
we should consider.
I think you are minimizing the downsize of your idea using X challenges
instead of 16k challenges to get in. Again, if my idea is valid, it
would be X challenges vs 4 billion challenges.
-- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB
http://enterprisedb.com
+ Everyone has their own god. +