This site is about a previous instance of this event. For the current event, please see the updated site.

Schedule - PGConf.EU 2019

Safely Protect Your Passwords and Tell Others to SCRAM!

Date: 2019-10-16
Time: 09:50–10:40
Room: Washington
Level: Intermediate

Passwords: they just seem to work. You connect to your PostgreSQL database and you are prompted for your password. You type in the correct character combination, and presto! you're in, safe and sound.

But what if I told you that all was not as it seemed, and there was a better way to authenticate with passwords in PostgreSQL?

PostgreSQL 10 introduced SCRAM (Salted Challenge Response Authentication Mechanism), introduced in RFC 5802, as a way to securely authenticate passwords. The SCRAM algorithm lets a client and server validate a password without ever sending the password, whether plaintext or a hashed form of it, to each other, using a series of cryptographic methods.

In this talk, we will look at:

At the end of this talk, you will understand how SCRAM works, how to ensure your PostgreSQL drivers supports it, how to upgrade your passwords to using SCRAM-SHA-256, and why you want to tell other PostgreSQL password mechanisms to SCRAM!

Slides

The following slides have been made available for this session:

Speaker

Jonathan S. Katz