Jim and Bruce wrote:
> [ a lot of stuff ]
What this discussion seems to come down to is whether we should take a
backward step in one area of security (security against wire-sniffing)
to take a forward step in another (not storing plaintext passwords).
It seems largely a matter of local conditions which hazard you consider
greater (though I would note that anyone who is able to examine the
contents of pg_shadow has *already* broken into your database). Anyway,
I doubt anyone will convince anyone else to change sides on that point.
My take on the matter is that we shouldn't invest any more effort in
crypt-based solutions (here crypt means specifically crypt(3), it's
not a generic term). The future is double encryption using MD5 ---
or s/MD5/more-modern-hash-algorithm-of-your-choice/, the exact choice
is irrelevant to my point. We ought to get off our duffs and implement
that, then encourage people to migrate their clients ASAP. The crypt
code will be supported for awhile longer, but strictly as a
backwards-compatibility measure for old clients. There's no reason to
spend any additional work on it.
For the same reason I don't see any value in the idea of adding
crypt-based double encryption to clients. We don't really want to
support that over the long run, so why put effort into it?
regards, tom lane
