Обсуждение: User password encryption using a stronger hashing function?
By default, postgresql encrypts user passwords using the MD5 hashing function. They can be seen as "md5....." in the rolpassword column of the pg_authid table. Is there a mechanism that allows us to change this default behavior such that postgresql can encrypt the passwords stored in the pg_authid table using a stronger hashing function such as SHA1?
Postgresql conf file has a property "ssl_ciphers" in which you can specify a list of ciphers. But they are only used on ssl connections and have no impact on the ciphers used in user password encryption. Is this correct?
No one has responded to my questions. I am wondering if anyone can point me to where in postgresql source code I can further look into the issue and explore the possibility of this change? Thanks.
Sent: Thursday, December 15, 2011 4:53 PM
To: pgsql-admin@postgresql.org
Subject: [ADMIN] User password encryption using a stronger hashing function?
By default, postgresql encrypts user passwords using the MD5 hashing function. They can be seen as "md5....." in the rolpassword column of the pg_authid table. Is there a mechanism that allows us to change this default behavior such that postgresql can encrypt the passwords stored in the pg_authid table using a stronger hashing function such as SHA1?
Postgresql conf file has a property "ssl_ciphers" in which you can specify a list of ciphers. But they are only used on ssl connections and have no impact on the ciphers used in user password encryption. Is this correct?
Zitat von "Liu, Jianli (Jianli)" <jlliu@avaya.com>: > No one has responded to my questions. I am wondering if anyone can > point me to where in postgresql source code I can further look into > the issue and explore the possibility of this change? Thanks. I was already looking for the same topic but could not find anything useful. Maybe no one is using the build-in password encryption, but does it at application level with transparent data access? Maybe one of the developers can explain why the choices for build-in password encryption are that limited. Regards Andreas
Вложения
On 22/12/2011 5:41 PM, lst_hoe02@kwsoft.de wrote: > Zitat von "Liu, Jianli (Jianli)" <jlliu@avaya.com>: > >> No one has responded to my questions. I am wondering if anyone can >> point me to where in postgresql source code I can further look into >> the issue and explore the possibility of this change? Thanks. > > I was already looking for the same topic but could not find anything > useful. Maybe no one is using the build-in password encryption, but > does it at application level with transparent data access? > > Maybe one of the developers can explain why the choices for build-in > password encryption are that limited. > I'm not a Pg dev, but I won't be surprised if the v3 protocol doesn't support other hash functions. I haven't looked into it. If you'd like to know more I suggest you search for things like "md5", "sha1", "sha256", "stronger hash" etc on the pogsql-hackers mailing list archives. The main downside of md5 as a password hash function is that the result is small and quick to compute the standard of today's hashes, so rainbow tables are easier to build and can have better coverage. Brute-force cracking is also faster but there's not as much difference there. If you have a need for stronger hashing functions you might want to contact one of the consultants who does contract work on PostgreSQL development and find out what'd be involved in funding the development of the feature. Think about why you need it first, though; what threat(s) are you trying to protect from? -- Craig Ringer
Zitat von Craig Ringer <ringerc@ringerc.id.au>: > On 22/12/2011 5:41 PM, lst_hoe02@kwsoft.de wrote: >> Zitat von "Liu, Jianli (Jianli)" <jlliu@avaya.com>: >> >>> No one has responded to my questions. I am wondering if anyone can >>> point me to where in postgresql source code I can further look >>> into the issue and explore the possibility of this change? Thanks. >> >> I was already looking for the same topic but could not find >> anything useful. Maybe no one is using the build-in password >> encryption, but does it at application level with transparent data >> access? >> >> Maybe one of the developers can explain why the choices for >> build-in password encryption are that limited. >> > I'm not a Pg dev, but I won't be surprised if the v3 protocol > doesn't support other hash functions. I haven't looked into it. If > you'd like to know more I suggest you search for things like "md5", > "sha1", "sha256", "stronger hash" etc on the pogsql-hackers mailing > list archives. > > The main downside of md5 as a password hash function is that the > result is small and quick to compute the standard of today's hashes, > so rainbow tables are easier to build and can have better coverage. > Brute-force cracking is also faster but there's not as much > difference there. > > If you have a need for stronger hashing functions you might want to > contact one of the consultants who does contract work on PostgreSQL > development and find out what'd be involved in funding the > development of the feature. Think about why you need it first, > though; what threat(s) are you trying to protect from? The reasoning is that if your Database content get lost your passwords are in danger to be decrypted todays with md5 hash and most of the time passwords are reused at other places. With stronger hashes at least the password itself would be somewhat safe. But as said in many environment the application does not use database users anyway, but does its own user management with hopefully stronger encryption of the passwords. Thanks Andreas
Вложения
On Wed, Dec 28, 2011 at 11:13:22AM +0100, lst_hoe02@kwsoft.de wrote: > Zitat von Craig Ringer <ringerc@ringerc.id.au>: > > >On 22/12/2011 5:41 PM, lst_hoe02@kwsoft.de wrote: > >>Zitat von "Liu, Jianli (Jianli)" <jlliu@avaya.com>: > >> > >>>No one has responded to my questions. I am wondering if anyone > >>>can point me to where in postgresql source code I can further > >>>look into the issue and explore the possibility of this > >>>change? Thanks. > >> > >>I was already looking for the same topic but could not find > >>anything useful. Maybe no one is using the build-in password > >>encryption, but does it at application level with transparent > >>data access? > >> > >>Maybe one of the developers can explain why the choices for > >>build-in password encryption are that limited. > >> > >I'm not a Pg dev, but I won't be surprised if the v3 protocol > >doesn't support other hash functions. I haven't looked into it. If > >you'd like to know more I suggest you search for things like > >"md5", "sha1", "sha256", "stronger hash" etc on the pogsql-hackers > >mailing list archives. > > > >The main downside of md5 as a password hash function is that the > >result is small and quick to compute the standard of today's > >hashes, so rainbow tables are easier to build and can have better > >coverage. Brute-force cracking is also faster but there's not as > >much difference there. > > > >If you have a need for stronger hashing functions you might want > >to contact one of the consultants who does contract work on > >PostgreSQL development and find out what'd be involved in funding > >the development of the feature. Think about why you need it first, > >though; what threat(s) are you trying to protect from? > > The reasoning is that if your Database content get lost your > passwords are in danger to be decrypted todays with md5 hash and > most of the time passwords are reused at other places. With stronger > hashes at least the password itself would be somewhat safe. But as > said in many environment the application does not use database users > anyway, but does its own user management with hopefully stronger > encryption of the passwords. > > Thanks > > Andreas > Exactly. You need to use GSSAPI or something else to secure it. Then the passwords are not available to be decrypted in the database and you can use much more extensive encryption for them. Regards, Ken
On Wed, Dec 28, 2011 at 08:25:54AM -0600, ktm@rice.edu wrote: > > >If you have a need for stronger hashing functions you might want > > >to contact one of the consultants who does contract work on > > >PostgreSQL development and find out what'd be involved in funding > > >the development of the feature. Think about why you need it first, > > >though; what threat(s) are you trying to protect from? > > > > The reasoning is that if your Database content get lost your > > passwords are in danger to be decrypted todays with md5 hash and > > most of the time passwords are reused at other places. With stronger > > hashes at least the password itself would be somewhat safe. But as > > said in many environment the application does not use database users > > anyway, but does its own user management with hopefully stronger > > encryption of the passwords. > > > > Thanks > > > > Andreas > > > Exactly. You need to use GSSAPI or something else to secure it. Then > the passwords are not available to be decrypted in the database and > you can use much more extensive encryption for them. The limitations of MD5 do not apply to the way we use MD5 to store passwords in Postgres; see: http://archives.postgresql.org/pgsql-hackers/2008-01/msg00846.php -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + It's impossible for everything to be true. +