Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256) (Exim 4.89) (envelope-from ) id 1ei0m8-0000Wn-2c for pgsql-docs@arkaria.postgresql.org; Sat, 03 Feb 2018 16:34:48 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ei0m5-0003FU-Bi for pgsql-docs@arkaria.postgresql.org; Sat, 03 Feb 2018 16:34:45 +0000 Received: from makus.postgresql.org ([2001:4800:1501:1::229]) by malur.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1ei0m4-0003FG-UW for pgsql-docs@lists.postgresql.org; Sat, 03 Feb 2018 16:34:45 +0000 Received: from out5-smtp.messagingengine.com ([66.111.4.29]) by makus.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256) (Exim 4.89) (envelope-from ) id 1ei0m1-0006iU-Op for pgsql-docs@lists.postgresql.org; Sat, 03 Feb 2018 16:34:43 +0000 Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 5810420DC8; Sat, 3 Feb 2018 11:30:55 -0500 (EST) Received: from frontend1 ([10.202.2.160]) by compute7.internal (MEProxy); Sat, 03 Feb 2018 11:30:55 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=d1EPosF5s4WyS9LRKuQ36cKkJoahh Qx59vn4brkuHnQ=; b=Th16XoBuQ+3Uil26y5ks0eMI1d61G8jBLjfIMscpECLz3 89Vu18AIxYSHRYN5QelYMKAkZ6ynKpq+JTf1BTAFx+e+wYaHiblEdXlQk/VVNY8H cwtyZwa1V/1m5VtN+VPEP+pGObegU+Tu4WjQwUZ3p3y2trYLjbGc1NPdZVGBd1HX Wc1yrvlnWo6PPnXJfoR3zjzsVTIgkRPwD2e5fGYDWDkh/9U6EbNZdJ9QZvWoB6jY pfumQWXoMgoS4mrxHeoyOfhfW5I+ph+GPsHJkbkrkE3CplEFfm466TrwT4b/7mpt jC2INoF690tLp1xLnnmuW2dojyOBxqNyohtxdfJUw== X-ME-Sender: Received: from april.local (unknown [216.162.94.2]) by mail.messagingengine.com (Postfix) with ESMTPA id 1B70E7E0FD; Sat, 3 Feb 2018 11:30:55 -0500 (EST) Subject: Re: Update encryption options doc for SCRAM-SHA-256 To: roji@roji.org, pgsql-docs@lists.postgresql.org References: <151761495500.1247.9000430848889983044@wrigleys.postgresql.org> From: Peter Eisentraut Organization: 2ndQuadrant Message-ID: <49cbab10-9354-f06e-bcea-6291b6398a28@2ndquadrant.com> Date: Sat, 3 Feb 2018 11:30:51 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.5.2 MIME-Version: 1.0 In-Reply-To: <151761495500.1247.9000430848889983044@wrigleys.postgresql.org> Content-Type: multipart/mixed; boundary="------------90D9095E5953E5F6FD930510" Content-Language: en-US List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Precedence: bulk This is a multi-part message in MIME format. --------------90D9095E5953E5F6FD930510 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit On 2/2/18 18:42, PG Doc comments form wrote: > The following documentation comment has been logged on the website: > > Page: https://www.postgresql.org/docs/10/static/encryption-options.html > Description: > > Section "18.8. Encryption Options" only mentions MD5 as the password storage > encryption mechanism, although PostgreSQL 10 introduced the superior SHA256 > - somebody looking at the docs would get a bad idea of PostgreSQL's > capabilities... I propose the attached patch. I have combined the password storage and password transmission items, because I don't want to go into the details of how SCRAM works on the wire. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services --------------90D9095E5953E5F6FD930510 Content-Type: text/plain; charset=UTF-8; x-mac-type="0"; x-mac-creator="0"; name="0001-doc-Update-mentions-of-MD5-in-the-documentation.patch" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename*0="0001-doc-Update-mentions-of-MD5-in-the-documentation.patch" RnJvbSAzNGVmZjliZDY1Y2EwNTFjM2JhMTczNDc2ZTNmOTM2MGVlMGQ1MWI5IE1vbiBTZXAg MTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBQZXRlciBFaXNlbnRyYXV0IDxwZXRlcl9lQGdteC5u ZXQ+CkRhdGU6IFNhdCwgMyBGZWIgMjAxOCAxMToyOToyMyAtMDUwMApTdWJqZWN0OiBbUEFU Q0hdIGRvYzogVXBkYXRlIG1lbnRpb25zIG9mIE1ENSBpbiB0aGUgZG9jdW1lbnRhdGlvbgoK LS0tCiBkb2Mvc3JjL3NnbWwvcnVudGltZS5zZ21sIHwgMzQgKysrKysrKysrLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLQogMSBmaWxlIGNoYW5nZWQsIDkgaW5zZXJ0aW9ucygrKSwgMjUg ZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvZG9jL3NyYy9zZ21sL3J1bnRpbWUuc2dtbCBi L2RvYy9zcmMvc2dtbC9ydW50aW1lLnNnbWwKaW5kZXggZDE2MmFjYjJlOC4uNzFmMDIzMDBj MiAxMDA2NDQKLS0tIGEvZG9jL3NyYy9zZ21sL3J1bnRpbWUuc2dtbAorKysgYi9kb2Mvc3Jj L3NnbWwvcnVudGltZS5zZ21sCkBAIC0yMDIzLDE2ICsyMDIzLDE4IEBAIDx0aXRsZT5FbmNy eXB0aW9uIE9wdGlvbnM8L3RpdGxlPgogICA8dmFyaWFibGVsaXN0PgogCiAgIDx2YXJsaXN0 ZW50cnk+Ci0gICA8dGVybT5QYXNzd29yZCBTdG9yYWdlIEVuY3J5cHRpb248L3Rlcm0+Cisg ICA8dGVybT5QYXNzd29yZCBFbmNyeXB0aW9uPC90ZXJtPgogICAgPGxpc3RpdGVtPgogCiAg ICAgPHBhcmE+Ci0gICAgIEJ5IGRlZmF1bHQsIGRhdGFiYXNlIHVzZXIgcGFzc3dvcmRzIGFy ZSBzdG9yZWQgYXMgTUQ1IGhhc2hlcywgc28KLSAgICAgdGhlIGFkbWluaXN0cmF0b3IgY2Fu bm90IGRldGVybWluZSB0aGUgYWN0dWFsIHBhc3N3b3JkIGFzc2lnbmVkCi0gICAgIHRvIHRo ZSB1c2VyLiBJZiBNRDUgZW5jcnlwdGlvbiBpcyB1c2VkIGZvciBjbGllbnQgYXV0aGVudGlj YXRpb24sCi0gICAgIHRoZSB1bmVuY3J5cHRlZCBwYXNzd29yZCBpcyBuZXZlciBldmVuIHRl bXBvcmFyaWx5IHByZXNlbnQgb24gdGhlCi0gICAgIHNlcnZlciBiZWNhdXNlIHRoZSBjbGll bnQgTUQ1LWVuY3J5cHRzIGl0IGJlZm9yZSBiZWluZyBzZW50Ci0gICAgIGFjcm9zcyB0aGUg bmV0d29yay4KKyAgICAgRGF0YWJhc2UgdXNlciBwYXNzd29yZHMgYXJlIHN0b3JlZCBhcyBo YXNoZXMgKGRldGVybWluZWQgYnkgdGhlIHNldHRpbmcKKyAgICAgPHhyZWYgbGlua2VuZD0i Z3VjLXBhc3N3b3JkLWVuY3J5cHRpb24iLz4pLCBzbyB0aGUgYWRtaW5pc3RyYXRvciBjYW5u b3QKKyAgICAgZGV0ZXJtaW5lIHRoZSBhY3R1YWwgcGFzc3dvcmQgYXNzaWduZWQgdG8gdGhl IHVzZXIuIElmIFNDUkFNIG9yIE1ENQorICAgICBlbmNyeXB0aW9uIGlzIHVzZWQgZm9yIGNs aWVudCBhdXRoZW50aWNhdGlvbiwgdGhlIHVuZW5jcnlwdGVkIHBhc3N3b3JkIGlzCisgICAg IG5ldmVyIGV2ZW4gdGVtcG9yYXJpbHkgcHJlc2VudCBvbiB0aGUgc2VydmVyIGJlY2F1c2Ug dGhlIGNsaWVudCBlbmNyeXB0cworICAgICBpdCBiZWZvcmUgYmVpbmcgc2VudCBhY3Jvc3Mg dGhlIG5ldHdvcmsuIFNDUkFNIGlzIHByZWZlcnJlZCwgYmVjYXVzZSBpdAorICAgICBpcyBh biBJbnRlcm5ldCBzdGFuZGFyZCBhbmQgaXMgbW9yZSBzZWN1cmUgdGhhbiB0aGUgUG9zdGdy ZVNRTC1zcGVjaWZpYworICAgICBNRDUgYXV0aGVudGljYXRpb24gcHJvdG9jb2wuCiAgICAg PC9wYXJhPgogICAgPC9saXN0aXRlbT4KICAgPC92YXJsaXN0ZW50cnk+CkBAIC0yMDg2LDI0 ICsyMDg4LDYgQEAgPHRpdGxlPkVuY3J5cHRpb24gT3B0aW9uczwvdGl0bGU+CiAgICA8L2xp c3RpdGVtPgogICA8L3Zhcmxpc3RlbnRyeT4KIAotICA8dmFybGlzdGVudHJ5PgotICAgPHRl cm0+RW5jcnlwdGluZyBQYXNzd29yZHMgQWNyb3NzIEEgTmV0d29yazwvdGVybT4KLQotICAg PGxpc3RpdGVtPgotICAgICA8cGFyYT4KLSAgICAgIFRoZSA8bGl0ZXJhbD5NRDU8L2xpdGVy YWw+IGF1dGhlbnRpY2F0aW9uIG1ldGhvZCBkb3VibGUtZW5jcnlwdHMgdGhlCi0gICAgICBw YXNzd29yZCBvbiB0aGUgY2xpZW50IGJlZm9yZSBzZW5kaW5nIGl0IHRvIHRoZSBzZXJ2ZXIu IEl0IGZpcnN0Ci0gICAgICBNRDUtZW5jcnlwdHMgaXQgYmFzZWQgb24gdGhlIHVzZXIgbmFt ZSwgYW5kIHRoZW4gZW5jcnlwdHMgaXQKLSAgICAgIGJhc2VkIG9uIGEgcmFuZG9tIHNhbHQg c2VudCBieSB0aGUgc2VydmVyIHdoZW4gdGhlIGRhdGFiYXNlCi0gICAgICBjb25uZWN0aW9u IHdhcyBtYWRlLiBJdCBpcyB0aGlzIGRvdWJsZS1lbmNyeXB0ZWQgdmFsdWUgdGhhdCBpcwot ICAgICAgc2VudCBvdmVyIHRoZSBuZXR3b3JrIHRvIHRoZSBzZXJ2ZXIuIERvdWJsZS1lbmNy eXB0aW9uIG5vdCBvbmx5Ci0gICAgICBwcmV2ZW50cyB0aGUgcGFzc3dvcmQgZnJvbSBiZWlu ZyBkaXNjb3ZlcmVkLCBpdCBhbHNvIHByZXZlbnRzCi0gICAgICBhbm90aGVyIGNvbm5lY3Rp b24gZnJvbSB1c2luZyB0aGUgc2FtZSBlbmNyeXB0ZWQgcGFzc3dvcmQgdG8KLSAgICAgIGNv bm5lY3QgdG8gdGhlIGRhdGFiYXNlIHNlcnZlciBhdCBhIGxhdGVyIHRpbWUuCi0gICAgIDwv cGFyYT4KLSAgICA8L2xpc3RpdGVtPgotICA8L3Zhcmxpc3RlbnRyeT4KLQogICA8dmFybGlz dGVudHJ5PgogICAgPHRlcm0+RW5jcnlwdGluZyBEYXRhIEFjcm9zcyBBIE5ldHdvcms8L3Rl cm0+CiAKLS0gCjIuMTYuMQoK --------------90D9095E5953E5F6FD930510--