On 2021-May-12, Bruce Momjian wrote:
> OK, updated text:
>
> <listitem>
> <!--
> Author: Peter Eisentraut <peter@eisentraut.org>
> 2020-06-10 [c7eab0e97] Change default of password_encryption to scram-sha-256
> -->
>
> <para>
> Change the default of the password_encryption server parameter
> to scram-sha-256 (Peter Eisentraut)
> </para>
>
> <para>
> Previously it was md5. All new passwords will be stored as SHA256
> unless this server variable is changed or the password is already
> md5-hashed. Also, the legacy (and undocumented) boolean-like
> values which were previously synonyms of <literal>md5</literal>
> are no longer accepted.
> </para>
> </listitem>

Thanks, looks ok as far as what the original point was about.

I have to say that this sentence is a bit odd: "All new passwords will
be stored as sha256 unless ... the password is already md5-hashed".
Does this mean that if you change a password for a user whose password
was md5, the new one is stored as md5 too even if the setting is
scram-sha-256? Or if "the password" means an old password, then why is
it a new password?

--
Álvaro Herrera Valdivia, Chile