Greetings, * Tom Lane (t...@sss.pgh.pa.us) wrote: > "Jonathan S. Katz" <jk...@postgresql.org> writes: > > For now I have left in the password based method to be scram-sha-256 as > > I am optimistic about the support across client drivers[1] (and FWIW I > > have an implementation for crystal-pg ~60% done). > > > However, this probably means we would need to set the default password > > encryption guc to "scram-sha-256" which we're not ready to do yet, so it > > may be moot to leave it in. > > > So, thinking out loud about that, we should probably use "md5" and once > > we decide to make the encryption method "scram-sha-256" by default, then > > we update the recommendation? > > Meh. If we're going to break things, let's break them. Set it to > scram by default and let people who need to cope with old clients > change the default. I'm tired of explaining that MD5 isn't actually > insecure in our usage ...
+many. Thanks, Stephen
signature.asc
Description: PGP signature
