On 2/6/25 18:03, Bharani SV-forum wrote:
> Adrian
> TQ for your valuable input's.
>
> *Additional Qsn*
>
> Assume DB ver = 15.X
>
> By default encryption = scram-sha-256, Assume pg_hba.conf is quoted the
> usage as MD5 for the
> dbuserid "test_usr_1"
>
> *e.g .)*
> *
> *
> hostssl all test_usr_1 10.20.30.40 md5
>
> i.e .)
> Assume if the respective db userid (e.g test_usr_1) is quoted for usage
> md5, in pg_hba.conf, No Need to Change, the respective *Role/Userid
> password mandatorily.* DB System will allow to use existing password
> with the old MD5 passwords still work, as long as the authentication
> method in pg_hba.conf is set to md5
Yes.
It gives you time to switch the passwords to scram-sha-256 encryption
after you do the migration. In other words you can have both md5 and
scram-sha-256 passwords in use without changing the pg_hba.conf lines.
Once the transition to scram-sha-256 is done then you can change the
lines to scram-sha-256 and that will prevent use of m5 passwords going
forward.
>
> e.g.) hostssl all LOGS_USER_1 10.9.0.0/21 md5
>
> Is their, any security problem due to usage of md5 in the pg_hba.conf
> file with underlying db =15.X ?
You are currently using it, have there been any issues?
If not then moving to Postgres 15 won't change that.
>
> I am Aware ,
> (a) *MD5 hash algorithm is nowadays no longer considered secure against
> determined attacks.*
> *(a) MD5 method cannot be used with the db_user_namespace feature.
> *
>
>
>
--
Adrian Klaver
adrian.klaver@aklaver.com
