Thanks for your attention to this.
I'm definitely not a cryptography expert, but it seems to me that the
actual mechanisms (MD5, SHA-256) are more important than the protocols used
to negotiate them (SASL, SCRAM). When some security expert unfamiliar with
PostgreSQL goes over itss documentation
On 2/2/18 18:42, PG Doc comments form wrote:
> The following documentation comment has been logged on the website:
>
> Page: https://www.postgresql.org/docs/10/static/encryption-options.html
> Description:
>
> Section "18.8. Encryption Options" only mentions MD5 as the password storage
>
The following documentation comment has been logged on the website:
Page: https://www.postgresql.org/docs/10/static/encryption-options.html
Description:
Section "18.8. Encryption Options" only mentions MD5 as the password storage
encryption mechanism, although PostgreSQL 10 introduced the