On Thu, Oct 15, 2015 at 7:19 AM, Jeff Janes <jeff.janes@gmail.com> wrote: > On Wed, Oct 14, 2015 at 1:41 PM, John R Pierce <pierce@hogranch.com> wrote: >> >> On 10/14/2015 1:31 PM, Quiroga, Damian wrote: >> >> >> >> Does postgres support other (stronger) hashing algorithms than MD5 to >> store the database passwords at disk? >> >> If not, is there any plan to move away from MD5? > There are proposals to do so, the most advanced one I know of is with SCRAM. > But I don't think any of them have turned into actual plans yet.
Right, that is the proposal I was thinking of. I didn't think it had enough community consensus yet on that specific design to promote it to a "plan", though, rather than a proposal. I feel a bit guilty about not having done more to review it, but it is a pretty intimidating thing to review for someone not already an expert in the field.