Re: Not storing MD5 hashed passwords
| От | Jeff Janes |
|---|---|
| Тема | Re: Not storing MD5 hashed passwords |
| Дата | |
| Msg-id | CAMkU=1z+hYx9m_3cQ10PUN-8GohnS6rER2V=DiBoJDD6rotaPQ@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Not storing MD5 hashed passwords (Michael Paquier <michael.paquier@gmail.com>) |
| Список | pgsql-general |
On Wed, Oct 14, 2015 at 5:49 PM, Michael Paquier <michael.paquier@gmail.com> wrote:
On Thu, Oct 15, 2015 at 7:19 AM, Jeff Janes <jeff.janes@gmail.com> wrote:
> On Wed, Oct 14, 2015 at 1:41 PM, John R Pierce <pierce@hogranch.com> wrote:
>>
>> On 10/14/2015 1:31 PM, Quiroga, Damian wrote:
>>
>>
>>
>> Does postgres support other (stronger) hashing algorithms than MD5 to
>> store the database passwords at disk?
>>
>> If not, is there any plan to move away from MD5?
> There are proposals to do so, the most advanced one I know of is with SCRAM.
> But I don't think any of them have turned into actual plans yet.
I would not be so sure, I heard of a patch regarding that for 9.6:
https://commitfest.postgresql.org/6/320/
Right, that is the proposal I was thinking of. I didn't think it had enough community consensus yet on that specific design to promote it to a "plan", though, rather than a proposal. I feel a bit guilty about not having done more to review it, but it is a pretty intimidating thing to review for someone not already an expert in the field.
Cheers,
Jeff
В списке pgsql-general по дате отправления: