Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jeLlL-0007h3-Dn for pgsql-pkg-yum@arkaria.postgresql.org; Thu, 28 May 2020 16:52:11 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1jeLlK-0001W9-CP for pgsql-pkg-yum@arkaria.postgresql.org; Thu, 28 May 2020 16:52:10 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jeLlK-0001W2-7M for pgsql-pkg-yum@lists.postgresql.org; Thu, 28 May 2020 16:52:10 +0000 Received: from feynman.df7cb.de ([195.49.152.168]) by makus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jeLlH-0006T7-Or for pgsql-pkg-yum@postgresql.org; Thu, 28 May 2020 16:52:09 +0000 Received: from msg.df7cb.de (unknown [IPv6:2a02:908:1474:3de0:76e5:bff:fef3:7e00]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by feynman.df7cb.de (Postfix) with ESMTPSA id 49Xtys5wmdz3DwZ; Thu, 28 May 2020 18:52:05 +0200 (CEST) Date: Thu, 28 May 2020 18:52:05 +0200 From: Christoph Berg To: Stephen Frost Cc: Peter Eisentraut , Devrim =?iso-8859-1?B?R/xuZPx6?= , Craig Ringer , pgsql-pkg-yum Subject: Re: Can we stop defaulting to 'md5'? Message-ID: <20200528165205.GC107313@msg.df7cb.de> Mail-Followup-To: Christoph Berg , Stephen Frost , Peter Eisentraut , Devrim =?iso-8859-1?B?R/xuZPx6?= , Craig Ringer , pgsql-pkg-yum References: <20200520163509.GG3418@tamriel.snowman.net> <20200520153337.GE3418@tamriel.snowman.net> <20200528163856.GB107313@msg.df7cb.de> <20200528164404.GA6680@tamriel.snowman.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200528164404.GA6680@tamriel.snowman.net> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Precedence: bulk Re: Stephen Frost > > Why do I have to decide *in pg_hba.conf* which hash algorithm is used? > > Where else would you decide..? Connections could just use whatever hash is used for the username in pg_authid. There's no reason to expose that detail in pg_hba.conf. > > Why can't that just be "password"? > > What would that mean? The above. > > Getting this mess fixed would be good for security because then people > > will likely start using scram. > > That's certainly true, though I hope we can convince people to use SCRAM > even given the modest effort required. It's not modest. Or else this thread wouldn't have 20 mails. > The point here though, really, is that *new* installations of PG have > very little reason to not use SCRAM. The question on upgrades is > different, but that can be addressed with pg_upgradecluster, I would > think, without much trouble. In pg_createcluster, if I move pg_hba.conf and password_encryption to scram, and I restore a dump from an older PG major, can people continue to connect using their passwords? From what I got above, the answer is "no". Should I only set password_encryption to scram and keep advertising md5 as the sane default for pg_hba.conf? Christoph