On 7/2/16 3:54 PM, Heikki Linnakangas wrote:
> In related news, RFC 7677 that describes a new SCRAM-SHA-256
> authentication mechanism, was published in November 2015. It's identical
> to SCRAM-SHA-1, which is what this patch set implements, except that
> SHA-1 has been replaced with SHA-256. Perhaps we should forget about
> SCRAM-SHA-1 and jump straight to SCRAM-SHA-256.
I think a global change from SHA-1 to SHA-256 is in the air already, so
if we're going to release something brand new in 2017 or so, it should
be SHA-256.
I suspect this would be a relatively simple change, so I wouldn't mind
seeing a SHA-1-based variant in CF1 to get things rolling.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services