Home > mailing lists

Re: reducing our reliance on MD5 - Mailing list pgsql-hackers

From	Arthur Silva
Subject	Re: reducing our reliance on MD5
Date	February 11, 2015 02:56:33
Msg-id	CAO_YK0XM44q4Z7gKpfCFtFWVTKN8DLJC=rAEzTiMYs8yog6A7A@mail.gmail.com Whole thread
In response to	Re: reducing our reliance on MD5 (Peter Geoghegan <pg@heroku.com>)
List	pgsql-hackers

Tree view

On Tue, Feb 10, 2015 at 11:25 PM, Peter Geoghegan <pg@heroku.com> wrote:

On Tue, Feb 10, 2015 at 5:22 PM, Arthur Silva <arthurprs@gmail.com> wrote:
> I assume if the hacker can intercept the server unencrypted traffic and/or
> has access to its hard-drive the database is compromised anyway.

That sounds like an argument against hashing the passwords in general.

--
Peter Geoghegan

Indeed.

In a perfect world SCRAM would be the my choice. FWIW Mongodb 3.0 also uses SCRAM as the preferred method for password based authentication.

pgsql-hackers by date:

From: Robert Haas
Date: 11 February 2015, 02:55:34
Subject: Re: reducing our reliance on MD5

From: Tom Lane
Date: 11 February 2015, 03:57:23
Subject: Re: reducing our reliance on MD5

Re: reducing our reliance on MD5 - Mailing list pgsql-hackers

Previous

Next