"M, Anbazhagan" <[email protected]> writes:
> Currently we are using SHA-256 default for password_encryption in our
> PostgreSQL deployments. Is there any active work being done for adding
> additional hashing options like PBKDF2, HKDF, SCRYPT or Argon2 password
> hashing functions, either of which is only accepted as algorithms that
> should be used for encrypting or hashing the password at storage as per the
> Organization's Cryptography Standard?
> If it is not in current plan, is there a plan to include that in subsequent
> versions?

It is not, and I doubt we have any interest in dramatically expanding
the set of allowed password hashes. Adding SCRAM was enough work and
created a lot of client-v-server and cross-version incompatibility
already; nobody is in a hurry to repeat that. Moreover, I know of
no reason to think that SHA-256 isn't perfectly adequate.

regards, tom lane
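
For context on the `password_encryption` setting discussed in this thread, here is an added example (not part of either message and not PostgreSQL's own code) that rebuilds and checks a stored `scram-sha-256` verifier as defined by RFC 5802 and RFC 7677, where the salted-password step is PBKDF2-HMAC-SHA-256. The function names, sample password and salt are constructed, and SASLprep is assumed to be a no-op (ASCII password).

```python
import base64
import hashlib
import hmac


def scram_verifier(password, salt, iterations=4096):
    """Build a verifier in the layout stored for scram-sha-256 roles."""
    # SaltedPassword = Hi(password, salt, i); Hi is PBKDF2-HMAC-SHA-256 (RFC 5802).
    # Assumption: ASCII password, so the SASLprep normalisation step is skipped.
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    enc = lambda raw: base64.b64encode(raw).decode("ascii")
    return f"SCRAM-SHA-256${iterations}:{enc(salt)}${enc(stored_key)}:{enc(server_key)}"


def parse_verifier(verifier):
    """Split SCRAM-SHA-256$<iter>:<salt>$<StoredKey>:<ServerKey> into fields."""
    scheme, iter_salt, keys = verifier.split("$")
    if scheme != "SCRAM-SHA-256":
        raise ValueError("not a SCRAM-SHA-256 verifier")
    iterations, salt_b64 = iter_salt.split(":")
    stored_b64, server_b64 = keys.split(":")
    return {
        "iterations": int(iterations),
        "salt": base64.b64decode(salt_b64),
        "stored_key": base64.b64decode(stored_b64),
        "server_key": base64.b64decode(server_b64),
    }


def password_matches(password, verifier):
    """Recompute the verifier with the stored salt and iteration count."""
    parsed = parse_verifier(verifier)
    rebuilt = scram_verifier(password, parsed["salt"], parsed["iterations"])
    return hmac.compare_digest(rebuilt, verifier)


def classify(rolpassword):
    """Label a stored password entry by scheme, for auditing a role list."""
    if rolpassword.startswith("SCRAM-SHA-256$"):
        return f"scram-sha-256, PBKDF2 iterations={parse_verifier(rolpassword)['iterations']}"
    if rolpassword.startswith("md5") and len(rolpassword) == 35:
        return "md5"
    return "unrecognized"


if __name__ == "__main__":
    sample = scram_verifier("correct horse", bytes(range(16)))  # constructed salt
    print(sample, "->", classify(sample))
```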