Robert Haas <robertmhaas@gmail.com> writes:
> If we were using some kind of real public key system and someone
> suggested breaking it to add password complexity checking, I would
> understand the outrage here. But I don't understand why everyone is
> so worked up about having an *optional* *flag* to force plaintext
> instead of MD5. I might be wrong here, but can't a determined
> attacker brute-force an MD5 anyway? The very fact that people are
> suggesting that password checking might be feasible even on a
> pre-MD5'd password by using a dictionary suggests that we're not
> getting a whole lot of real security here. And even if not, dude,
> it's an *optional* *flag*.
Yes, and it's an optional flag that could perfectly well be implemented
in the plugin that I think we do have consensus to add a hook for.
The argument is over why do we need to litter the core system with it.
regards, tom lane