On Wed, Oct 14, 2015 at 5:49 PM, Michael Paquier <michael.paqu...@gmail.com> wrote:
> On Thu, Oct 15, 2015 at 7:19 AM, Jeff Janes <jeff.ja...@gmail.com> wrote: > > On Wed, Oct 14, 2015 at 1:41 PM, John R Pierce <pie...@hogranch.com> > wrote: > >> > >> On 10/14/2015 1:31 PM, Quiroga, Damian wrote: > >> > >> > >> > >> Does postgres support other (stronger) hashing algorithms than MD5 to > >> store the database passwords at disk? > >> > >> If not, is there any plan to move away from MD5? > > There are proposals to do so, the most advanced one I know of is with > SCRAM. > > But I don't think any of them have turned into actual plans yet. > > I would not be so sure, I heard of a patch regarding that for 9.6: > https://commitfest.postgresql.org/6/320/ Right, that is the proposal I was thinking of. I didn't think it had enough community consensus yet on that specific design to promote it to a "plan", though, rather than a proposal. I feel a bit guilty about not having done more to review it, but it is a pretty intimidating thing to review for someone not already an expert in the field. Cheers, Jeff
