Home > mailing lists

Re: Successor of MD5 authentication, let's use SCRAM - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	Re: Successor of MD5 authentication, let's use SCRAM
Date	October 22, 2012 18:21:53
Msg-id	50856487.3020405@gmx.net Whole thread Raw
In response to	Re: Successor of MD5 authentication, let's use SCRAM (Stephen Frost <sfrost@snowman.net>)
Responses	Re: Successor of MD5 authentication, let's use SCRAM (Stephen Frost <sfrost@snowman.net>)
List	pgsql-hackers

Tree view

On 10/12/12 3:44 PM, Stephen Frost wrote:
> wrt future-proofing, I don't like the "#-of-iterations" approach.  There
> are a number of examples of how to deal with multiple encryption types
> being supported by a protocol, I'd expect hash'ing could be done in the
> same way.  For example, Negotiate, SSL, Kerberos, GSSAPI, all have ways
> of dealing with multiple encryption/hashing options being supported.
> Multiple iterations could be supported through that same mechanism (as
> des/des3 were both supported by Kerberos for quite some time).
> 
> In general, I think it's good to build on existing implementations where
> possible.  Perhaps we could even consider using something which already
> exists for this?

Sounds like SASL to me.

pgsql-hackers by date:

From: Andrew Dunstan
Date: 22 October 2012, 17:57:58
Subject: Re: Successor of MD5 authentication, let's use SCRAM

From: Phil Sorber
Date: 22 October 2012, 18:47:23
Subject: Re: [WIP] pg_ping utility

Re: Successor of MD5 authentication, let's use SCRAM - Mailing list pgsql-hackers

Previous

Next