On 2021-May-12, Bruce Momjian wrote:

> OK, updated text:
> 
>       <listitem>
>       <!--
>       Author: Peter Eisentraut <pe...@eisentraut.org>
>       2020-06-10 [c7eab0e97] Change default of password_encryption to scram-sha-256
>       -->
>       
>       <para>
>       Change the default of the password_encryption server parameter
>       to scram-sha-256 (Peter Eisentraut)
>       </para>
>       
>       <para>
>       Previously it was md5.  All new passwords will be stored as SHA256
>       unless this server variable is changed or the password is already
>       md5-hashed.  Also, the legacy (and undocumented) boolean-like
>       values which were previously synonyms of <literal>md5</literal>
>       are no longer accepted.
>       </para>
>       </listitem>

Thanks, looks ok as far as what the original point was about.

I have to say that this sentence is a bit odd: "All new passwords will
be stored as sha256 unless ... the password is already md5-hashed".
Does this mean that if you change a password for a user whose password
was md5, the new one is stored as md5 too even if the setting is
scram-sha-256?  Or if "the password" means an old password, then why is
it a new password?

-- 
Álvaro Herrera       Valdivia, Chile

