Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[enh] PostgreSQL password security #762

Open
wants to merge 8 commits into
base: stretch-unstable
from

Conversation

@madtibo
Copy link

commented Jul 24, 2019

The problem

PostgreSQL authentication are done using clear text password.

Solution

Use an authentication using md-5 hashed password.
This should be transparent for all applications.

PR Status

...

How to test

...

Validation

  • Principle agreement 0/2 :
  • Quick review 0/1 :
  • Simple test 0/1 :
  • Deep review 0/1 :

@madtibo madtibo changed the title PostgreSQL password security [enh] PostgreSQL password security Jul 24, 2019

@Psycojoker

This comment has been minimized.

Copy link
Member

commented Jul 24, 2019

Hello,

I don't see any commit by you in https://github.com/YunoHost/yunohost/pull/762/commits, perhaps you've pushed the wrong branch?

Also today md5 is sadly close to being clear text :/ We should at least aim for a minimum of sha-256 and if possible as much as sha3-512 if it's supported.

Any, thanks a lot for your contribution ❤️

@madtibo

This comment has been minimized.

Copy link
Author

commented Jul 24, 2019

Oups, you are totally right!
Here is the commit :-)

md-5 is the most secure solution for authentication in PostgreSQL 9.6.
There is a more secure option in version 10 (scram-sha-256).

@Psycojoker

This comment has been minimized.

Copy link
Member

commented Jul 24, 2019

Thx!

We are moving to postgresql version 11 in buster, I guess it will really be the right time to update that code again at that time cc @alexAubin

Since md5 is really really weak (it's so fast to compute that it's more or less plaintext from every security stuff I've read) I'm not sure it's worth it to upgrade to it but I guess it can't do any damage? I don't have any strong opinion on that.

@madtibo

This comment has been minimized.

Copy link
Author

commented Jul 26, 2019

In version 11, md5 will permit both md5 and scram-sha-256 authentication, depending on the way the password is generated. There should be no need to update the code.

Light security is always better than no security. Even if md5 is weak, it is much better than clear text authentication.

@alexAubin

This comment has been minimized.

Copy link
Member

commented Jul 26, 2019

Just to understand better : here we're talking about how passwords are stored on the system right ?

@madtibo

This comment has been minimized.

Copy link
Author

commented Jul 26, 2019

Just to understand better : here we're talking about how passwords are stored on the system right ?

No, the password are always stored hashed (either md5 or scram-sha-256 from version 10).
The pg_hba configuration set the way the authentication is done.
The documentation states:
The method password sends the password in clear-text and is therefore vulnerable to password “sniffing” attacks. It should always be avoided if possible. If the connection is protected by SSL encryption then password can be used safely, though. (Though SSL certificate authentication might be a better choice if one is depending on using SSL).

Since we do not enforce SSL only connections, the password method should not be used.

@alexAubin

This comment has been minimized.

Copy link
Member

commented Jul 26, 2019

Uh wokay ? I'm not sure to understand how an auth mechanism can work other than sending the cleartext password or using asymetric keys :D Do you have a link on that ?

@madtibo

This comment has been minimized.

Copy link
Author

commented Jul 26, 2019

Here is a description from the documentation: https://www.postgresql.org/docs/9.6/auth-methods.html#AUTH-PASSWORD

@alexAubin

This comment has been minimized.

Copy link
Member

commented Jul 26, 2019

Okay I think I also found https://stackoverflow.com/a/34098797 so from what I understands, the server sends a nonce and the client is supposed to hash some info, and so the server side

Dunno much about how bad md5 is, but my understanding is that it's especially vulnerable to collision attacks where you generate a document B which has the same hash as A. But here since it's about generating a hash from a username:password:nonce combination so it doesn't sounds so bad to use md5 (still agree that sha-whatever seems much more robust in general - and possibly I have no idea what I'm talking about :D)

Cheers !

@alexAubin alexAubin added this to the 3.7.x milestone Jul 26, 2019

@madtibo

This comment has been minimized.

Copy link
Author

commented Jul 26, 2019

Dunno much about how bad md5 is (...)

This method can be subject to man-in-the-middle attack, that is why scram-sha-256 now exists. There is a double secret exchange in scram-sha-256 that mitigate the risk.

@alexAubin

This comment has been minimized.

Copy link
Member

commented Jul 26, 2019

Alrighty thank very much for all the answers / explanation / commits ! Will get back to you during next week and we can merge sometimes soon™

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.