Deprecate MD5 passwords.
MD5 has been considered to be unsuitable for use as a cryptographic
hash algorithm for some time. Furthermore, MD5 password hashes in
PostgreSQL are vulnerable to pass-the-hash attacks, i.e., knowing
the username and hashed password is sufficient to authenticate.
The SCRAM-SHA-256 method added in v10 is not subject to these
problems and is considered to be superior to MD5.
This commit marks MD5 password support in PostgreSQL as deprecated
and to be removed in a future release. The documentation now
contains several deprecation notices, and CREATE ROLE and ALTER
ROLE now emit deprecation warnings when setting MD5 passwords. The
warnings can be disabled by setting the md5_password_warnings
parameter to "off".
Reviewed-by: Greg Sabino Mullane, Jim Nasby
Discussion: https://postgr.es/m/ZwbfpJJol7lDWajL%40nathan
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/db6a4a985bc09d260d5c29848e3c97f080646a53
Modified Files
--------------
contrib/passwordcheck/expected/passwordcheck.out | 1 +
contrib/passwordcheck/expected/passwordcheck_1.out | 1 +
contrib/passwordcheck/sql/passwordcheck.sql | 1 +
doc/src/sgml/catalogs.sgml | 9 ++++++++
doc/src/sgml/client-auth.sgml | 17 +++++++++++++++
doc/src/sgml/config.sgml | 24 ++++++++++++++++++++++
doc/src/sgml/libpq.sgml | 9 ++++++++
doc/src/sgml/protocol.sgml | 8 ++++++++
doc/src/sgml/ref/create_role.sgml | 8 ++++++++
doc/src/sgml/runtime.sgml | 10 +++++++++
src/backend/libpq/crypt.c | 10 +++++++++
src/backend/utils/misc/guc_tables.c | 9 ++++++++
src/backend/utils/misc/postgresql.conf.sample | 1 +
src/include/libpq/crypt.h | 3 +++
src/test/regress/expected/password.out | 15 ++++++++++++++
src/test/regress/expected/password_1.out | 9 ++++++++
16 files changed, 135 insertions(+)
