Re: BUG #15911: Why no Bcrypt in pg_hba.conf?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Andrew Gierth <andrew(at)tao11(dot)riddles(dot)org(dot)uk>
Cc: pgsql-bugs(at)lists(dot)postgresql(dot)org, github(at)marco(dot)sulla(dot)e4ward(dot)com
Subject: Re: BUG #15911: Why no Bcrypt in pg_hba.conf?
Date: 2019-07-16 18:10:42
Message-ID: 9218.1563300642@sss.pgh.pa.us
Lists: pgsql-bugs

Andrew Gierth <andrew(at)tao11(dot)riddles(dot)org(dot)uk> writes:
> "PG" == PG Bug reporting form <noreply(at)postgresql(dot)org> writes:
> PG> Can you please add `bcrypt` as method option?

> Not unless it gets added to the SCRAM specification.

> Note that our primary goal here is to provide a secure and standard
> challenge-response authentication mechanism, not to provide random
> alternate algorithms for password storage.

Worth noting here is that for us, the price of an additional
authentication mechanism is very high, because it's not just a matter
of adding some code to the server. Client-side libraries also need to
be taught about it, and most of those are not maintained by the core
PG project. So it takes years to make anything happen --- the
addition of SCRAM is still a work in progress, for example.

Thus, we aren't going to add stuff on a whim, and when we do add some
new mechanism, there has to be a really solid argument that it's a
*significant* advance over what we have.

regards, tom lane
