Hi, Sending this as requested by xocolatl on #postgresql (irc).
On discovering that (md5) password hashes are stored in postgres in a manner similar to this: 'md5' || md5('the most secret password' || 'username') i.e. without the use of a random salt, it was suggested I should look into the scram alternative. I can't find information about the storage format for that at all - other than "... and supports storing passwords on the server in a cryptographically hashed form that is thought to be secure." It would be nice to see more information on this. Thanks, Richard