On 08/20/2012 07:08 PM, Tom Lane wrote:
> Moreover, as Josh just mentioned, anybody who
> thinks it might be insufficiently secure for their purposes has got
> plenty of alternatives available today (SSL certificates, PAM backed
> by whatever-you-want, etc).
>
Yeah, I think we need to emphasize this lots more. Anyone who wants
really secure authentication needs to be getting away from password
based auth altogether. Another hash function will make very little
difference.
cheers
andrew