Re: reducing our reliance on MD5

On Wed, Feb 11, 2015 at 8:02 AM, Heikki Linnakangas
<hlinnakangas(at)vmware(dot)com> wrote:
> On 02/11/2015 02:49 PM, Robert Haas wrote:
>> So, this all sounds fairly nice if somebody's willing to do the work,
>> but I can't help noticing that you originally proposed adopting SCRAM
>> in 2012, and it's 2015 now. So I wonder if anyone's really going to
>> do all this work, and if not, whether we should go for something
>> simpler. Just plugging something else in for MD5 would be a lot less
>> work for us to implement and for clients to support, even if it is (as
>> it unarguably is) less elegant.
>
> "Just plugging something else in for MD5" would still be a fair amount of
> work. Not that much less than the full program I proposed.
>
> Well, I guess it's easier if you immediately stop supporting MD5, have a
> "flag day" in all clients to implement the replacement, and break
> pg_dump/restore of passwords in existing databases. That sounds horrible.
> Let's do this properly. I can help with that, although I don't know if I'll
> find the time and enthusiasm to do all of it alone.

So are you thinking to integrate with the Cyrus SASL library, or do
you have another thought?

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company