Deprecate MD5 passwords. · postgrespro/postgres@db6a4a9 · GitHub
Deprecate MD5 passwords.
MD5 has been considered to be unsuitable for use as a cryptographic hash algorithm for some time. Furthermore, MD5 password hashes in PostgreSQL are vulnerable to pass-the-hash attacks, i.e., knowing the username and hashed password is sufficient to authenticate. The SCRAM-SHA-256 method added in v10 is not subject to these problems and is considered to be superior to MD5.

This commit marks MD5 password support in PostgreSQL as deprecated and to be removed in a future release. The documentation now contains several deprecation notices, and CREATE ROLE and ALTER ROLE now emit deprecation warnings when setting MD5 passwords. The warnings can be disabled by setting the md5_password_warnings parameter to "off".

Reviewed-by: Greg Sabino Mullane, Jim Nasby
Discussion: https://postgr.es/m/ZwbfpJJol7lDWajL%40nathan
1 parent 9717353 commit db6a4a9
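The pass-the-hash claim in the commit message follows directly from how the MD5 method works: the server stores `'md5' || md5(password || username)` and the challenge response is `'md5' || md5(stored_inner_hash || salt)`, so the stored value is itself the secret needed to answer the challenge. The following Python is an added illustration of that point, not code from this commit or from PostgreSQL; the username, password and 4-byte salt are constructed, and `password_type` / `roles_needing_rehash` are helper names invented here for auditing `pg_authid` rows, not server functions.

```python
"""Why a PostgreSQL MD5 password hash is a pass-the-hash credential.

Constructed example: the credentials and the 4-byte salt are made up.
Assumed wire/stored formats (as documented for the MD5 method):
  stored:   'md5' || hex(md5(password || username))
  response: 'md5' || hex(md5(hex(md5(password || username)) || salt))
where salt is the 4 random bytes carried in AuthenticationMD5Password.
"""
import hashlib
import hmac
import re


def _md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def stored_md5_password(password: str, username: str) -> str:
    """Value kept in pg_authid.rolpassword for a role with an MD5 password."""
    return "md5" + _md5_hex((password + username).encode())


def md5_response_from_password(password: str, username: str, salt: bytes) -> str:
    """What an honest client sends: it needs the real password."""
    inner = _md5_hex((password + username).encode())
    return "md5" + _md5_hex(inner.encode() + salt)


def md5_response_from_stored_hash(rolpassword: str, salt: bytes) -> str:
    """What an attacker holding only rolpassword sends: no password needed.

    The inner hash is the 32 hex characters after the 'md5' prefix, which is
    exactly what the stored value already contains."""
    inner = rolpassword[len("md5"):]
    return "md5" + _md5_hex(inner.encode() + salt)


def server_accepts(rolpassword: str, salt: bytes, response: str) -> bool:
    """Server-side check. The server can only recompute from rolpassword,
    which is why the stored value alone is sufficient to authenticate."""
    expected = "md5" + _md5_hex(rolpassword[len("md5"):].encode() + salt)
    return hmac.compare_digest(expected, response)


_MD5_RE = re.compile(r"^md5[0-9a-f]{32}$")


def password_type(rolpassword):
    """Classify a pg_authid.rolpassword value for an audit of roles still on MD5.

    Helper for this example (not server code). A plaintext password that
    happens to look like 'md5' + 32 hex chars is misclassified as md5, the
    same ambiguity the stored format itself has."""
    if rolpassword is None:
        return "none"
    if _MD5_RE.match(rolpassword):
        return "md5"
    if rolpassword.startswith("SCRAM-SHA-256$"):
        return "scram-sha-256"
    return "plain"


def roles_needing_rehash(rows):
    """rows: iterable of (rolname, rolpassword) as selected from pg_authid.

    Returns roles whose password must be set again under
    password_encryption = scram-sha-256; an MD5 hash cannot be converted
    into a SCRAM verifier because the verifier needs the password itself."""
    return [name for name, pw in rows if password_type(pw) == "md5"]


if __name__ == "__main__":
    user, password = "joe", "xyzzy"          # constructed credentials
    salt = bytes.fromhex("7a1f03c9")         # constructed; server sends 4 random bytes
    stored = stored_md5_password(password, user)
    honest = md5_response_from_password(password, user, salt)
    stolen = md5_response_from_stored_hash(stored, salt)
    print(stored)
    print("responses identical:", honest == stolen)
    print("server accepts stolen hash:", server_accepts(stored, salt, stolen))
```

The salt only prevents replaying a captured response; it does nothing against a leaked `rolpassword`, because the stored string is the key material the response is derived from. SCRAM-SHA-256 stores a verifier from which the client proof cannot be computed, which is the property the commit message is pointing at.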

File tree

16 files changed

+135
-0
lines changed


contrib/passwordcheck/expected/passwordcheck.out

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,4 @@
1+
SET md5_password_warnings = off;
12
LOAD 'passwordcheck';
23
CREATE USER regress_passwordcheck_user1;
34
-- ok
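Review bot: the only test-suite change for the new behaviour is to silence it (the added `SET md5_password_warnings = off;` at line 1), so nothing here checks that CREATE ROLE or ALTER ROLE actually emit the deprecation WARNING when the parameter is left at its default of on. Consider a regression test that sets an MD5 password with the default setting and carries the WARNING in its expected output, so the warning cannot be lost silently by a later refactor.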

contrib/passwordcheck/expected/passwordcheck_1.out

Lines changed: 1 addition & 0 deletions
@@ -1,3 +1,4 @@
1+
SET md5_password_warnings = off;
12
LOAD 'passwordcheck';
23
CREATE USER regress_passwordcheck_user1;
34
-- ok

contrib/passwordcheck/sql/passwordcheck.sql

Lines changed: 1 addition & 0 deletions
@@ -1,3 +1,4 @@
1+
SET md5_password_warnings = off;
12
LOAD 'passwordcheck';
23

34
CREATE USER regress_passwordcheck_user1;

doc/src/sgml/catalogs.sgml

Lines changed: 9 additions & 0 deletions
@@ -1618,6 +1618,15 @@
16181618
will store the md5 hash of <literal>xyzzyjoe</literal>.
16191619
</para>
16201620

1621+
<warning>
1622+
<para>
1623+
Support for MD5-encrypted passwords is deprecated and will be removed in a
1624+
future release of <productname>PostgreSQL</productname>. Refer to
1625+
<xref linkend="auth-password"/> for details about migrating to another
1626+
password type.
1627+
</para>
1628+
</warning>
1629+
16211630
<para>
16221631
If the password is encrypted with SCRAM-SHA-256, it has the format:
16231632
<synopsis>
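Review bot: this notice sits directly after the sentence explaining that rolpassword holds the md5 hash of `xyzzyjoe`, i.e. the catalog description is where a reader learns what the stored value is, yet the warning gives no reason for the deprecation. Since the commit message states that the stored hash is sufficient to authenticate, one sentence here saying that an MD5 rolpassword must be protected like the password itself would make the pg_authid entry actionable rather than just a pointer to auth-password.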

doc/src/sgml/client-auth.sgml

Lines changed: 17 additions & 0 deletions
@@ -531,6 +531,15 @@ include_dir <replaceable>directory</replaceable>
531531
user's password. See <xref linkend="auth-password"/>
532532
for details.
533533
</para>
534+
<warning>
535+
<para>
536+
Support for MD5-encrypted passwords is deprecated and will be
537+
removed in a future release of
538+
<productname>PostgreSQL</productname>. Refer to
539+
<xref linkend="auth-password"/> for details about migrating to
540+
another password type.
541+
</para>
542+
</warning>
534543
</listitem>
535544
</varlistentry>
536545

@@ -1260,6 +1269,14 @@ omicron bryanh guest1
12601269
server is encrypted for SCRAM (see below), then SCRAM-based
12611270
authentication will automatically be chosen instead.
12621271
</para>
1272+
1273+
<warning>
1274+
<para>
1275+
Support for MD5-encrypted passwords is deprecated and will be removed
1276+
in a future release of <productname>PostgreSQL</productname>. Refer to
1277+
the text below for details about migrating to another password type.
1278+
</para>
1279+
</warning>
12631280
</listitem>
12641281
</varlistentry>
12651282
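Review bot: the context at lines 1260-1261 says the `md5` method automatically switches to SCRAM when the stored password is SCRAM-encrypted, which means the thing being deprecated is the stored MD5 password, not a pg_hba.conf line by itself. The warning would be clearer if it said that: existing `md5` entries keep working once role passwords are re-set under scram-sha-256, and re-hashing the roles is the migration step. Also, this notice says "Refer to the text below" while every other notice in the patch uses `<xref linkend="auth-password"/>`; if that is deliberate because this text is already inside that section, fine, otherwise use the xref for consistency.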

doc/src/sgml/config.sgml

Lines changed: 24 additions & 0 deletions
@@ -1124,6 +1124,14 @@ include_dir 'conf.d'
11241124
mechanism, and hence not work with passwords encrypted with
11251125
SCRAM-SHA-256. See <xref linkend="auth-password"/> for more details.
11261126
</para>
1127+
<warning>
1128+
<para>
1129+
Support for MD5-encrypted passwords is deprecated and will be removed
1130+
in a future release of <productname>PostgreSQL</productname>. Refer
1131+
to <xref linkend="auth-password"/> for details about migrating to
1132+
another password type.
+
</para>
1134+
</warning>
11271135
</listitem>
11281136
</varlistentry>
11291137
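Review bot: this is the `password_encryption` value that causes new passwords to be stored as MD5 in the first place, so it is the natural place to say that CREATE ROLE and ALTER ROLE will now emit a WARNING while this value is in effect, with an `<xref linkend="guc-md5-password-warnings"/>` to the new parameter introduced later in this file. As written, an administrator reading this entry learns the value is deprecated but not that using it produces warnings or how to control them.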

@@ -7913,6 +7921,22 @@ log_line_prefix = '%m [%p] %q%u@%d/%a '
79137921
</listitem>
79147922
</varlistentry>
79157923

7924+
<varlistentry id="guc-md5-password-warnings" xreflabel="md5_password_warnings">
7925+
<term><varname>md5_password_warnings</varname> (<type>boolean</type>)
7926+
<indexterm>
7927+
<primary><varname>md5_password_warnings</varname> configuration parameter</primary>
7928+
</indexterm>
7929+
</term>
7930+
<listitem>
7931+
<para>
7932+
Controls whether a <literal>WARNING</literal> about MD5 password
7933+
deprecation is produced when a <command>CREATE ROLE</command> or
7934+
<command>ALTER ROLE</command> statement sets an MD5-encrypted password.
7935+
The default value is <literal>on</literal>.
7936+
</para>
7937+
</listitem>
7938+
</varlistentry>
7939+
79167940
</variablelist>
79177941
</sect2>
79187942
<sect2 id="runtime-config-logging-csvlog">
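Review bot: the new `md5_password_warnings` entry does not say who may change it (the passwordcheck test issues a plain `SET`, suggesting it is settable per session), and other entries in this file state the required privilege explicitly; please add that. It would also help to spell out when the WARNING fires: only when a pre-hashed `md5...` string is supplied, or also when a plaintext password is given while `password_encryption = md5` makes the server hash it. Finally, the description offers the opt-out but no pointer to the fix; an `<xref linkend="auth-password"/>` here, matching the other notices, would keep readers from simply turning the warning off.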

doc/src/sgml/libpq.sgml

Lines changed: 9 additions & 0 deletions
@@ -1341,6 +1341,15 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
13411341
<para>
13421342
The server must request MD5 hashed password authentication.
13431343
</para>
1344+
<warning>
1345+
<para>
1346+
Support for MD5-encrypted passwords is deprecated and will be
1347+
removed in a future release of
1348+
<productname>PostgreSQL</productname>. Refer to
1349+
<xref linkend="auth-password"/> for details about migrating to
1350+
another password type.
1351+
</para>
1352+
</warning>
13441353
</listitem>
13451354
</varlistentry>
13461355
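Review bot: this entry describes a client-side requirement ("The server must request MD5 hashed password authentication"), so sending the libpq reader to the server's auth-password section for "migrating to another password type" is not the actionable advice at this spot. For a libpq user the step is to stop demanding the md5 method and request scram-sha-256 instead; the warning should say that, and may keep the server-side xref as secondary reading.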

doc/src/sgml/protocol.sgml

Lines changed: 8 additions & 0 deletions
@@ -312,6 +312,14 @@
312312
(Keep in mind the <function>md5()</function> function returns its
313313
result as a hex string.)
314314
</para>
315+
<warning>
316+
<para>
317+
Support for MD5-encrypted passwords is deprecated and will be removed
318+
in a future release of <productname>PostgreSQL</productname>. Refer
319+
to <xref linkend="auth-password"/> for details about migrating to
320+
another password type.
321+
</para>
322+
</warning>
315323
</listitem>
316324
</varlistentry>
317325
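Review bot: the audience for protocol.sgml is people implementing clients, so the relevant consequence of the deprecation is that a server may in a future release stop sending AuthenticationMD5Password at all, and a driver must implement SASL with SCRAM-SHA-256 to remain able to log in. The notice as written only talks about migrating the stored password type, which is a server administrator's task; a sentence aimed at implementers would fit better here. Minor: the surrounding text says "MD5 hashed" and refers to `md5()`, while the notice says "MD5-encrypted"; pick one term within this paragraph.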

doc/src/sgml/ref/create_role.sgml

Lines changed: 8 additions & 0 deletions
@@ -273,6 +273,14 @@ in sync when changing the above synopsis!
273273
different format). This allows reloading of encrypted passwords
274274
during dump/restore.
275275
</para>
276+
<warning>
277+
<para>
278+
Support for MD5-encrypted passwords is deprecated and will be removed
279+
in a future release of <productname>PostgreSQL</productname>. Refer
280+
to <xref linkend="auth-password"/> for details about migrating to
281+
another password type.
282+
</para>
283+
</warning>
276284
</listitem>
277285
</varlistentry>
278286
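Review bot: the paragraph this notice follows explains that pre-hashed passwords are accepted so that dumps can be reloaded, and the commit makes CREATE ROLE emit a WARNING for every MD5-hashed password it sets. That means restoring a pg_dumpall output containing MD5 roles will now produce one WARNING per such role; the documentation should say so and mention that `md5_password_warnings = off` can be set for the restore session if the noise is unwanted, so operators are not surprised mid-restore.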

doc/src/sgml/runtime.sgml

Lines changed: 10 additions & 0 deletions
@@ -2053,6 +2053,16 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
20532053
is an Internet standard and is more secure than the PostgreSQL-specific
20542054
MD5 authentication protocol.
20552055
</para>
2056+
2057+
<warning>
2058+
<para>
2059+
Support for MD5-encrypted passwords is deprecated and will be removed in
2060+
a future release of <productname>PostgreSQL</productname>. Refer to
2061+
<xref linkend="auth-password"/> for details about migrating to another
2062+
password type.
2063+
</para>
2064+
</warning>
2065+
20562066
</listitem>
20572067
</varlistentry>
20582068
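Review bot: this section already recommends SCRAM-SHA-256 over the PostgreSQL-specific MD5 protocol, but neither the existing text nor the new notice states the practical constraint of the migration: an MD5 hash cannot be converted into a SCRAM verifier, so after setting `password_encryption = scram-sha-256` every affected role must have its password set again with ALTER ROLE ... PASSWORD before the MD5 hash goes away. Spelling that out here, or in the auth-password text the xref points to, would save readers from assuming a configuration change alone completes the migration.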
