On Thu, Oct 9, 2014 at 5:29 PM, Phil Olson <philip.olso...@gmail.com> wrote:

> In short, I think it should be made clear that an encrypted user password
> for all intents and purposes, is simply obfuscated.

Well, I do agree that "encrypted" is a misleading word to use in this context, since "hashed" is the technically correct description of what gets stored in pg_authid.rolpassword when one uses:

    CREATE ROLE ... WITH ENCRYPTED PASSWORD 'secret'

Though of course it's too late to change the SQL syntax we accept.

And I'm not sure whether a doc change is needed, or where it should go if it is -- the section on pg_authid [1] already accurately spells out how we store rolpassword when the ENCRYPTED option is given. Possibly that description could be a bit more clear about the fact that "possibly encrypted" is talking about the 'ENCRYPTED' option of CREATE ROLE.

I don't agree with the characterization of md5 hashing with a salt (not a particularly strong salt choice, but a salt nonetheless) as being "simply obfuscated". Here's a short summary of how obfuscation vs. hashing vs. encryption are generally distinguished:

http://stackoverflow.com/a/184369/1772673

> Encrypted implies secure,

See link above; "encrypted" has a basically well-understood definition.

Josh

[1] http://www.postgresql.org/docs/current/static/catalog-pg-authid.html

-- 
Sent via pgsql-docs mailing list (pgsql-docs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-docs
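The distinction Josh draws (salted hash, not obfuscation) can be made concrete by reproducing the md5 scheme PostgreSQL documents for ENCRYPTED passwords: the stored rolpassword is the string "md5" followed by the hex MD5 digest of the password concatenated with the role name, so the role name is the salt he calls weak. The code below is an added illustration, not part of this thread or of PostgreSQL itself; the function names and the sample roles/passwords are constructed for the example.

```python
import hashlib
import hmac


def pg_md5_rolpassword(password: str, rolename: str) -> str:
    """Compute the value stored in pg_authid.rolpassword under the md5 scheme.

    Per the PostgreSQL documentation for md5 passwords the stored form is
    'md5' + hex(md5(password || rolename)). The role name acts as the salt,
    so the same password yields different stored values for different roles.
    (Function name is ours; this is an illustration, not PostgreSQL's code.)
    """
    digest = hashlib.md5((password + rolename).encode("utf-8")).hexdigest()
    return "md5" + digest


def is_md5_rolpassword(stored: str) -> bool:
    """True if `stored` has the shape of an md5-scheme rolpassword.

    The digest is always 32 hex characters, whatever the password length:
    a fixed-size output is the give-away that this is a one-way hash and not
    a reversible encoding of the password.
    """
    return (
        stored.startswith("md5")
        and len(stored) == 35
        and all(c in "0123456789abcdef" for c in stored[3:])
    )


def verify_password(stored: str, password: str, rolename: str) -> bool:
    """Check a candidate password the way a hash-based scheme must: recompute
    and compare. Nothing here (or anywhere) turns `stored` back into the
    password; the constant-time compare avoids leaking where a guess differs.
    """
    return hmac.compare_digest(stored, pg_md5_rolpassword(password, rolename))


def same_password_different_roles(password: str, roles: list) -> dict:
    """Show the salting effect: one password, one stored value per role."""
    return {role: pg_md5_rolpassword(password, role) for role in roles}


if __name__ == "__main__":
    # Constructed sample roles and password for the demonstration.
    table = same_password_different_roles("secret", ["alice", "bob"])
    for role, stored in table.items():
        print(f"{role:>6}: {stored}  (md5 form: {is_md5_rolpassword(stored)})")
    print("verify alice/secret:", verify_password(table["alice"], "secret", "alice"))
    print("verify alice/guess :", verify_password(table["alice"], "guess", "alice"))
    # A very long password still produces a 35-character stored value.
    print("long password length:", len(pg_md5_rolpassword("x" * 10_000, "alice")))
```

The point of the example is what is absent: there is no decrypt step, only recomputation, which is exactly what separates a hash from an encoding or an encryption. The weakness Josh concedes is also visible: because the salt is the public role name, an attacker holding a stored value can test guesses offline at MD5 speed, which is why stronger salted, slow schemes are preferred for password storage.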