Re: [HACKERS] Changing references of password encryption to hashing - Mailing list pgsql-hackers

From Robert Haas
Subject Re: [HACKERS] Changing references of password encryption to hashing
Date
Msg-id CA+TgmoYLs3RsN_i_PEnS6MsRJvY_Cy=f+W7Yx=dQkDQXEKHBhQ@mail.gmail.com
In response to Re: [HACKERS] Changing references of password encryption to hashing  (Nathan Bossart <nathandbossart@gmail.com>)
List pgsql-hackers

On Wed, Nov 29, 2023 at 5:02 PM Nathan Bossart <nathandbossart@gmail.com> wrote:
> On Wed, Nov 29, 2023 at 04:02:11PM -0500, Robert Haas wrote:
> > I'd fully support having good documentation that says "hey, here are
> > the low security authentication configurations, here are the
> > medium-security ones, here are the high security ones, and here's why
> > these ones are better than those ones and what they protect against
> > and what risks remain." That would be awesome.
>
> +1.  IMO the "Password Authentication" section [0] does this pretty well
> already.

That's limited to just the password-based methods, though, so some
broader discussion of the whole suite of available techniques could be
useful. It does call out the known weaknesses of md5 and password,
though, which is good.

--
Robert Haas
EDB: http://www.enterprisedb.com


