Re: Rejecting weak passwords

Marko Kreen <markokr@gmail.com> writes:
> So promoting the ENCRYPTED 'foo' as "secure" may lure users into
> false sense of security, and be lax against sniffing and logfile
> protection.

This argument is entirely irrelevant to the point.  Yes, ENCRYPTED
doesn't fix everything, but it is still good practice to use it
and most well-written tools will.  So having a weak-password detector
that can only work on non-encrypted passwords is going to not be
very helpful.

> IOW, having plaintext password in CREATE/ALTER time which can
> then checked for weaknesses is better that MD5 password, which
> actually does not increase security.

This is not acceptable and will not happen.  The case that ENCRYPTED
protects against is database superusers finding out other users'
original passwords, which is a security issue to the extent that those
users have used the same/similar passwords for other systems.
We're not going to give up protection for that in order to provide
an option to do weak-password checking in a place that simply isn't
the best place to do it anyway.
        regards, tom lane