Re: Successor of MD5 authentication, let's use SCRAM

From: Heikki Linnakangas <hlinnakangas(at)vmware(dot)com>
To: Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgreSQL(dot)org>
Subject: Re: Successor of MD5 authentication, let's use SCRAM
Date: 2013-09-12 14:41:22
Message-ID: 5231D292.8080402@vmware.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On 12.09.2013 17:30, Andrew Dunstan wrote:
>
> On 09/12/2013 09:10 AM, Heikki Linnakangas wrote:
>>
>> I just found out that OpenSSL has added support for SRP in version
>> 1.0.1. We're already using OpenSSL, so all we need to do is to provide
>> a couple of callbacks to OpenSSL, and store SRP verifiers in pg_authid
>> instead of MD5 hashes, and we're golden.
>>
>> Well, not quite. There's one little problem: Currently, we first
>> initialize SSL, then read the startup packet which contains the
>> username and database to connect to. After that, we initialize
>> database access to the specified database, and only then we proceed
>> with authentication. That's not a problem for certificate
>> authentication, because certificate authentication doesn't require any
>> database access, but if we are to store the SRP verifiers in
>> pg_authid, we'll need to database access much earlier. Before we know
>> which database to connect to.
>
> You forgot to mention that we'd actually like to get away from being
> tied closely to OpenSSL because it has caused license grief in the past
> (not to mention that it's fairly dirty to manage).

Yeah. I've been looking more closely at the SRP API in OpenSSL; it's
completely undocumented. There are examples on the web and mailing lists
on how to use it, but no documentation. Hopefully that gets fixed
eventually.

GnuTLS also supports SRP. They even have documentation for it :-). The
API is slightly different than OpenSSL's, but not radically so. If we
are to start supporting multiple TLS libraries, we're going to need some
kind of a shim layer to abstract away the differences. Writing such a
shim for the SRP stuff wouldn't be much additional effort, once you have
the shim for all the other stuff in place.

- Heikki

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Magnus Hagander 2013-09-12 15:33:40 Re: Successor of MD5 authentication, let's use SCRAM
Previous Message Stephen Frost 2013-09-12 14:39:44 Re: Successor of MD5 authentication, let's use SCRAM