[FOLIO-2411] Use SCRAM-SHA-256 for passwords on PostgreSQL server, drop MD5 Created: 20/Dec/19  Updated: 05/May/22

Status: Blocked
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Umbrella Priority: P2
Reporter: Johannes Drexl Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: platform-backlog, postgres, security, security-reviewed
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Blocks
is blocked by FOLIO-2416 Enforce SCRAM-SHA-256 PostgreSQL pass... Open
is blocked by FOLIO-1438 Upgrade to PostgreSQL 10 Closed
is blocked by OKAPI-793 Enable SCRAM-SHA-256 PostgreSQL passw... Closed
is blocked by RMB-548 Enable SCRAM-SHA-256 PostgreSQL passw... Closed
is blocked by VERTXLIB-18 Enable SCRAM-SHA-256 PostgreSQL passw... Closed
Duplicate
is duplicated by FOLIO-2406 SSL/TLS, SCRAM-SHA-256, migration to ... Closed
Relates
relates to FOLIO-3391 NoClassDefFoundError: com/ongres/scra... Closed
relates to UIU-514 All passwords stored must be encrypte... Closed
Sprint:
Development Team: Core: Platform

Description

MD5 is the only password storage hashing algorithm supported by PG 9.x, and it is legacy, i.e. broken beyond repair and hope. PG 10 introduced SCRAM-SHA-256. Not only is SHA-256 a stronger hashing algorithm that is expected to remain secure for the foreseeable future, it is also salted and bundled with salted challenge-response authentication, which does not expose passwords to parties sniffing the network. Even if a database breach seems like a worst-case scenario, exposing passwords through weak hashes during a breach puts a lot of users at risk, since we all know many people reuse their passwords. SCRAM-SHA-256 will not be breakable for quite some time (as far as is currently known), and the salting counters rainbow table attacks as well.
There is also the problem that MD5-hashed passwords are incompatible with SCRAM-SHA-256 authentication, so upgrading to the better algorithm is only possible by resetting all passwords, which is a nightmare in its own right.

This requires

The old deprecated client https://github.com/vert-x3/vertx-mysql-postgresql-client / https://github.com/vert-x3/vertx-sql-common only supports MD5, it doesn't support SCRAM.

Once all subtasks are finished, add a note on how to configure PostgreSQL for SCRAM-SHA-256 to all installation documentation.
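A sketch of the server-side steps behind this ticket, added here as an example and not taken from the issue, FOLIO's installation docs or any of the linked subtasks: switch the default hash to SCRAM, find the login roles whose stored verifier is still MD5 (those need a fresh password, since an MD5 hash cannot be converted), and only then tighten the pg_hba.conf method. The role name `folio_app`, the password and the address range are placeholders; all statements need superuser rights and PostgreSQL 10 or later.

```sql
-- 1. Make new and changed passwords hash with SCRAM-SHA-256.
--    Takes effect after the reload; existing stored hashes are untouched.
ALTER SYSTEM SET password_encryption = 'scram-sha-256';
SELECT pg_reload_conf();
SHOW password_encryption;   -- expect: scram-sha-256

-- 2. Audit: which login roles still carry an MD5 verifier?
--    pg_authid is readable by superusers only. An 'md5...' value cannot
--    be turned into a SCRAM verifier because the server never kept the
--    plaintext, so those roles must get a password reset before MD5
--    authentication is switched off.
SELECT rolname,
       CASE
         WHEN rolpassword LIKE 'md5%'            THEN 'md5 (needs reset)'
         WHEN rolpassword LIKE 'SCRAM-SHA-256$%' THEN 'scram-sha-256'
         WHEN rolpassword IS NULL                THEN 'no password'
         ELSE 'other'
       END AS verifier
FROM pg_authid
WHERE rolcanlogin
ORDER BY rolname;

-- 3. Re-hash a login role under the new setting (placeholder role name).
--    The same plaintext may be reused, but the server has to see it again,
--    and the client driver that uses it must support SCRAM (the deprecated
--    vertx client mentioned above does not).
ALTER ROLE folio_app PASSWORD 'new-secret';

-- 4. Only after every login role shows 'scram-sha-256' above, change the
--    pg_hba.conf entry from  md5  to  scram-sha-256  and reload, e.g.
--      hostssl  all  all  10.0.0.0/8  scram-sha-256
--    An 'md5' entry still accepts roles with SCRAM verifiers, but a
--    'scram-sha-256' entry rejects roles that still have MD5 hashes.
SELECT pg_reload_conf();
```

Re-run the audit query after step 3 and before step 4; a single remaining 'md5 (needs reset)' row is a login that will start failing once the pg_hba.conf method is tightened.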



Comments
Comment by Johannes Drexl [ 20/Dec/19 ]

This is a branch of https://folio-org.atlassian.net/browse/FOLIO-2406

Comment by Craig McNally [ 14/Oct/21 ]

We may need another related ticket for folio-spring-base...

Comment by Craig McNally [ 14/Oct/21 ]

Jakub Skoczen to follow up with CP team and on the spring way question above.

Generated at Thu Feb 08 23:20:27 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.