Re: Possible to store invalid SCRAM-SHA-256 Passwords
From | raf@raf.org |
---|---|
Subject | Re: Possible to store invalid SCRAM-SHA-256 Passwords |
Date | |
Msg-id | 20190422214924.pytigrzlq7mkdyzq@raf.org |
In response to | Re: Possible to store invalid SCRAM-SHA-256 Passwords (Stephen Frost <sfrost@snowman.net>) |
Responses | Re: Possible to store invalid SCRAM-SHA-256 Passwords |
List | pgsql-bugs |
Stephen Frost wrote:

> I agree we should also handle md5 better. I realize this needs to be
> back-patched and so we have to deal with the existing catalog structure,
> but this really screams out, in my mind anyway, that we shouldn't have
> ever tried to just stash the password-encoding-type into the password
> field and that we should have pulled it out into its own column, so that
> we aren't having to guess about things as important as a password.
>
> Thanks!
>
> Stephen

I don't think there's anything wrong with prefixing a password hash with an identifier for the password hashing scheme (and any parameters for that scheme). This is done all the time in many systems. It just has to be unambiguous.
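
The following is an added example, not part of the original message and not PostgreSQL's own code: a strict classifier that names a scheme only when the whole stored value parses for it, which is one way to keep a prefixed format unambiguous. It assumes PostgreSQL's stored forms `SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>` (base64 fields) and `md5` followed by 32 hex digits; the function names, the `malformed` label and the sample value are constructed for illustration.

```python
import base64
import re

SCRAM_PREFIX = "SCRAM-SHA-256$"
MD5_RE = re.compile(r"md5[0-9a-f]{32}")
SHA256_LEN = 32  # StoredKey and ServerKey are SHA-256 outputs


def _b64(field):
    """Strictly decode one base64 field; None if malformed."""
    try:
        return base64.b64decode(field, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


def parse_scram(stored):
    """Return (iterations, salt, stored_key, server_key) or None."""
    if not stored.startswith(SCRAM_PREFIX):
        return None
    parts = stored[len(SCRAM_PREFIX):].split("$")
    if len(parts) != 2:
        return None
    params, keys = parts[0].split(":"), parts[1].split(":")
    if len(params) != 2 or len(keys) != 2:
        return None
    if not re.fullmatch(r"[1-9][0-9]*", params[0]):
        return None
    salt, stored_key, server_key = _b64(params[1]), _b64(keys[0]), _b64(keys[1])
    if not salt or stored_key is None or server_key is None:
        return None
    if len(stored_key) != SHA256_LEN or len(server_key) != SHA256_LEN:
        return None
    return int(params[0]), salt, stored_key, server_key


def classify(stored):
    """Name the scheme only when the whole value parses for it."""
    if parse_scram(stored) is not None:
        return "scram-sha-256"
    if MD5_RE.fullmatch(stored):
        return "md5"
    if stored.startswith((SCRAM_PREFIX, "md5")):
        return "malformed"  # has a scheme prefix but fails that scheme's grammar
    return "unrecognized"


_K = base64.b64encode(bytes(32)).decode()  # constructed all-zero key, not a real secret
SAMPLE = f"SCRAM-SHA-256$4096:{base64.b64encode(b'constructed-salt').decode()}${_K}:{_K}"
```
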