Re: BUG #15911: Why no Bcrypt in pg_hba.conf?

Поиск
Список
Период
Сортировка
От Andrew Gierth
Тема Re: BUG #15911: Why no Bcrypt in pg_hba.conf?
Дата
Msg-id 87ftn5zze8.fsf@news-spur.riddles.org.uk
обсуждение исходный текст
Ответ на BUG #15911: Why no Bcrypt in pg_hba.conf?  (PG Bug reporting form <noreply@postgresql.org>)
Ответы Re: BUG #15911: Why no Bcrypt in pg_hba.conf?  (Tom Lane <tgl@sss.pgh.pa.us>)
Re: BUG #15911: Why no Bcrypt in pg_hba.conf?  (Marco Sulla <github@marco.sulla.e4ward.com>)
Список pgsql-bugs
Дерево обсуждения 
>>>>> "PG" == PG Bug reporting form <noreply@postgresql.org> writes:

 PG> I see that the encryption methods supported in
 PG> `/etc/postgresql/##/main/pg_hba.conf` are only md5 and sha256.

The supported methods are actually md5 (for historical compatibility)
and SCRAM, which is a better challenge-response protocol than the one we
used to use, using sha256 as the hash algorithm. We do NOT use sha256
as-is as a password hash, SCRAM stores a PBKDF2 result as specified by
the SCRAM protocol definition.

 PG> Can you please add `bcrypt` as method option?

Not unless it gets added to the SCRAM specification.

Note that our primary goal here is to provide a secure and standard
challenge-response authentication mechanism, not to provide random
alternate algorithms for password storage.

-- 
Andrew (irc:RhodiumToad)

В списке pgsql-bugs по дате отправления:

Предыдущее
От: Manuel Rigger
Дата:
Сообщение: Re: SELECT with COLLATE results in segfault on trunk and 12 Beta 2
Следующее
От: PG Bug reporting form
Дата:
Сообщение: BUG #15913: Could not open relation with oid on PL/pgSQL method referencing temporary table that got recreated