Db user password length secure?
When creating a new db user to access (e.g. the production database) Neon provides me a pregenerated password. However it is rather short. Since the db is exposed on the internet, how can I increase the password length / security? Or is it secure enough? Just want to eliminate brute force possibility.
Thanks in advance.
6 Replies
deep-jade•2y ago
IIRC there is a password enumeration protection on our side (cc @Conrad Ludgate ?)
literary-plumOP•2y ago
Wow that was quick. Thanks
So as long as I don't expose the password myself it is safe to use even without the IP whitelisting feature (can't use that because I use Vercel serverless and Google Cloud Run)
continuing-cyan•2y ago
The randomly generated passwords are strong enough such that bruteforcing is already impractical. And our rate limits will prevent any such attempts unless our hash lists are leaked. Even still, my hash brute force attempts have indicated that it would take 10+ years with millions of high-end GPUs to have a chance of cracking. Let me find the exact calculation I made
continuing-cyan•2y ago

continuing-cyan•2y ago
I also want to configure longer passwords in the UI, so you can get a quick 64 character password. This is mostly to reduce latency however, since we don't want to run thousands of hashes every time for the serverless driver
literary-plumOP•2y ago
Thanks for clarifying. Now I am no longer worried