On Wed, Oct 14, 2015 at 5:49 PM, Michael Paquier <michael.paquier@xxxxxxxxx> wrote:
On Thu, Oct 15, 2015 at 7:19 AM, Jeff Janes <jeff.janes@xxxxxxxxx> wrote:
> On Wed, Oct 14, 2015 at 1:41 PM, John R Pierce <pierce@xxxxxxxxxxxx> wrote:
>>
>> On 10/14/2015 1:31 PM, Quiroga, Damian wrote:
>>
>>
>>
>> Does postgres support other (stronger) hashing algorithms than MD5 to
>> store the database passwords at disk?
>>
>> If not, is there any plan to move away from MD5?
> There are proposals to do so, the most advanced one I know of is with SCRAM.
> But I don't think any of them have turned into actual plans yet.
I would not be so sure, I heard of a patch regarding that for 9.6:
https://commitfest.postgresql.org/6/320/
Right, that is the proposal I was thinking of. I didn't think it had enough community consensus yet on that specific design to promote it to a "plan", though, rather than a proposal. I feel a bit guilty about not having done more to review it, but it is a pretty intimidating thing to review for someone not already an expert in the field.
Cheers,
Jeff
