On Thu, 2009-10-15 at 13:19 -0400, Robert Haas wrote:
> But I don't understand why everyone is
> so worked up about having an *optional* *flag* to force plaintext
> instead of MD5.
It would be pretty bad usability. Users would be faced with the choice:
you can have secure authentication or good passwords, but not both.
(For some values of "secure" and "good".) I think most people would
want both.