| From: | Andrew Gierth <andrew(at)tao11(dot)riddles(dot)org(dot)uk> |
|---|---|
| To: | pgsql-bugs(at)lists(dot)postgresql(dot)org, github(at)marco(dot)sulla(dot)e4ward(dot)com |
| Subject: | Re: BUG #15911: Why no Bcrypt in pg_hba.conf? |
| Date: | 2019-07-16 17:36:54 |
| Message-ID: | 87ftn5zze8.fsf@news-spur.riddles.org.uk |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
>>>>> "PG" == PG Bug reporting form <noreply(at)postgresql(dot)org> writes:
PG> I see that the encryption methods supported in
PG> `/etc/postgresql/##/main/pg_hba.conf` are only md5 and sha256.
The supported methods are actually md5 (for historical compatibility)
and SCRAM, which is a better challenge-response protocol than the one we
used to use, using sha256 as the hash algorithm. We do NOT use sha256
as-is as a password hash, SCRAM stores a PBKDF2 result as specified by
the SCRAM protocol definition.
PG> Can you please add `bcrypt` as method option?
Not unless it gets added to the SCRAM specification.
Note that our primary goal here is to provide a secure and standard
challenge-response authentication mechanism, not to provide random
alternate algorithms for password storage.
--
Andrew (irc:RhodiumToad)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | PG Bug reporting form | 2019-07-16 17:49:14 | BUG #15913: Could not open relation with oid on PL/pgSQL method referencing temporary table that got recreated |
| Previous Message | Manuel Rigger | 2019-07-16 16:33:08 | Re: SELECT with COLLATE results in segfault on trunk and 12 Beta 2 |