Menu
Why is it not a security hole that PostgreSQL by default stores user passwords in an MD5 hash? I am studying the internals of PostgreSQL and have gotten to the system catelog pg_authid and when I read about the MD5 hash encryption it appears that it is regarded as antiquated. In my thinking if an admin or a user is able to access the underlying file store then they could hypothetically crack the passwords and do whatever said credentials would enable.
I ask why it is not a security hole because apparently PostgreSQL has been "Common Criteria Certified" which seems to be military grade secure according to it's wiki which notes it's provenance from western defense organizations.
Thanks!
673
For most systems, the default Postgres user is postgres and a password is not required for authentication. Thus, to add a password, we must first login and connect as the postgres user. If you successfully connected and are viewing the psql prompt, jump down to the Changing the Password section.
PostgreSQL database passwords are separate from operating system user passwords. The password for each database user is stored in the pg_authid system catalog. Passwords can be managed with the SQL commands CREATE ROLE and ALTER ROLE, e.g., CREATE ROLE foo WITH LOGIN PASSWORD 'secret' , or the psql command \password .
conf file (typically found in the Postgres data directory) defines the access rules and authentication methods for the data server.
Password authentication. The password-based authentication methods are md5 and password. These methods operate similarly except for the way that the password is sent across the connection, namely MD5-hashed and clear-text respectively. If you are at all concerned about password "sniffing" attacks then md5 is preferred.
First, PostgreSQL 10 adds SCRAM-SHA256 based on SASL, making this a moot point.
For older versions: It's a weakness, but it's not a large security hole for a number of reasons:
Internet-deployed PostgreSQL instances should be using SSL, preventing eavesdropping on the protocol. This greatly reduces the chances of successful password theft.
Passwords are twice-salted. The password stored on disk is hashed with a salt and the md5 digest is taken. But the password sent on the wire is re-salted and re-hashed with an authentication-exchange specific salt, so if you capture a hashed password on the wire you cannot simply replay it in a later authentication.
If you manage to get a few copies of the same twice-salted password by eavesdropping a plaintext connection, you could potentially exploit weaknesses in MD5 to find the once-salted version that's stored on disk, and use that to authenticate with the DB.
But it's a lot of work, and it's pretty much totally prevented by using SSL.
Personally speaking, I think the "Common Criteria" is close to a pile bureaucratic nonsense. It applies only to one specific install with very narrow, specific versions of everything from hardware on up. It should help exclude total snake-oil, but it sure doesn't prove anything is secure. (Hell, look at Government systems...)
124
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
