public inbox for [email protected]
help / color / mirror / Atom feedFrom: Tom Lane <[email protected]>
To: M, Anbazhagan <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: Reg: Alternate way of hashing database role passwords
Date: Wed, 26 Jun 2024 12:11:45 -0400
Message-ID: <[email protected]> (raw)
In-Reply-To: <DM6PR06MB5307C5FD95521ABACB4D1D54FFD62@DM6PR06MB5307.namprd06.prod.outlook.com>
References: <DM6PR06MB5307C5FD95521ABACB4D1D54FFD62@DM6PR06MB5307.namprd06.prod.outlook.com>
"M, Anbazhagan" <[email protected]> writes:
> Currently we are using SHA-256 default for password_encryption in our postgresql deployments. Is there any active work being done for adding additional hashing options like PBKDF2, HKDF, SCRYPT or Argon2 password hashing functions, either of which is only accepted as a algorithms that should be used for encrypting or hashing the password at storage as per the Organization's Cryptography Standard.
> If it is not in current plan, is there a plan to include that in subsequent versions?
It is not, and I doubt we have any interest in dramatically expanding
the set of allowed password hashes. Adding SCRAM was enough work and
created a lot of client-v-server and cross-version incompatibility
already; nobody is in a hurry to repeat that. Moreover, I know of
no reason to think that SHA-256 isn't perfectly adequate.
regards, tom lane
view thread (2+ messages)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected]
Subject: Re: Reg: Alternate way of hashing database role passwords
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox