Re: Rejecting weak passwords

From: Dave Page <dpage(at)pgadmin(dot)org>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Mark Mielke <mark(at)mark(dot)mielke(dot)cc>, Kevin Grittner <Kevin(dot)Grittner(at)wicourts(dot)gov>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Marko Kreen <markokr(at)gmail(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Greg Stark <gsstark(at)mit(dot)edu>, Bruce Momjian <bruce(at)momjian(dot)us>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>, mlortiz <mlortiz(at)uci(dot)cu>, Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>
Subject: Re: Rejecting weak passwords
Date: 2009-10-15 17:47:16
Message-ID: 937d27e10910151047w1b46d90ara160835a8ceccbe1@mail.gmail.com
Lists: pgsql-hackers

On Thu, Oct 15, 2009 at 6:43 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Robert Haas <robertmhaas(at)gmail(dot)com> writes:
>> If we were using some kind of real public key system and someone
>> suggested breaking it to add password complexity checking, I would
>> understand the outrage here.  But I don't understand why everyone is
>> so worked up about having an *optional* *flag* to force plaintext
>> instead of MD5.  I might be wrong here, but can't a determined
>> attacker brute-force an MD5 anyway?  The very fact that people are
>> suggesting that password checking might be feasible even on a
>> pre-MD5'd password by using a dictionary suggests that we're not
>> getting a whole lot of real security here.  And even if not, dude,
>> it's an *optional* *flag*.
>
> Yes, and it's an optional flag that could perfectly well be implemented
> in the plugin that I think we do have consensus to add a hook for.
> The argument is over why do we need to litter the core system with it.

I already said that would suit me. The only other requirement I would
have is a way for pgAdmin or other clients to figure out if that flag
was set so they could construct queries appropriately (and yes, that
could include refusing to send plain text passwords over non-SSL
connections).

--
Dave Page
EnterpriseDB UK: http://www.enterprisedb.com
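The client-side behaviour Dave asks for, as an added example that is not code from this thread, from pgAdmin or from PostgreSQL: a client that knows whether the server's (hypothetical) "force plaintext" flag is set builds the password-change statement accordingly, hashing client-side when the flag is off and refusing to send cleartext over a non-SSL link when it is on. The MD5 encoding is PostgreSQL's real one ("md5" + md5(password || username)); the strength policy, the dictionary and the flag/SSL state passed in as booleans are assumptions made for illustration. The `md5_in_dictionary` helper shows what a server-side checker can still do with a pre-MD5'd password, the point Robert raises in the quoted text.

```python
import hashlib
import re

# Added example; not part of the original thread, pgAdmin or PostgreSQL.
# Flag name, policy and sample words are assumptions for illustration.


def pg_md5_password(password: str, username: str) -> str:
    """PostgreSQL's MD5 password encoding: 'md5' + hex(md5(password || username))."""
    digest = hashlib.md5((password + username).encode("utf-8")).hexdigest()
    return "md5" + digest


def is_strong(password: str, username: str) -> bool:
    """Toy complexity policy (assumed): can only run where the cleartext is visible."""
    if len(password) < 8:
        return False
    if username.lower() in password.lower():
        return False
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    return classes >= 3


def md5_in_dictionary(encoded: str, username: str, wordlist) -> bool:
    """What a server-side checker can still do with a pre-MD5'd password:
    re-encode each dictionary word with the role name and compare."""
    return any(pg_md5_password(w, username) == encoded for w in wordlist)


class WeakPassword(ValueError):
    pass


class InsecureTransport(RuntimeError):
    pass


def quote_ident(name: str) -> str:
    return '"' + name.replace('"', '""') + '"'


def quote_literal(value: str) -> str:
    # Minimal quoting for illustration; a real client should use libpq's escaping.
    return "'" + value.replace("'", "''") + "'"


def build_alter_role(username: str, password: str,
                     server_forces_plaintext: bool, connection_is_ssl: bool) -> str:
    """Construct ALTER ROLE ... PASSWORD once the client knows the (assumed) flag."""
    if not is_strong(password, username):
        raise WeakPassword("password fails the local complexity policy")
    if server_forces_plaintext:
        if not connection_is_ssl:
            raise InsecureTransport("server wants cleartext but the link is not SSL")
        literal = password                                 # server-side checker sees it
    else:
        literal = pg_md5_password(password, username)      # hashed before it leaves
    return "ALTER ROLE %s PASSWORD %s" % (quote_ident(username), quote_literal(literal))


if __name__ == "__main__":
    # Constructed sample inputs.
    print(build_alter_role("dave", "Tr0ub4dor&3", False, False))
    print(build_alter_role("dave", "Tr0ub4dor&3", True, True))
```

With the flag off, the statement carries only the `md5...` literal, so the server never sees the cleartext; with the flag on over SSL, the cleartext is sent and a server-side checker can apply a real policy. The dictionary helper illustrates why hashing does not make weak passwords undetectable, only harder to test.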
