Re: Reg: Alternate way of hashing database role passwords - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Reg: Alternate way of hashing database role passwords
Date
Msg-id 1516396.1719418305@sss.pgh.pa.us
In response to Reg: Alternate way of hashing database role passwords  ("M, Anbazhagan" <Anbazhagan.M@netapp.com>)
Responses Re: Reg: Alternate way of hashing database role passwords
List pgsql-hackers
"M, Anbazhagan" <Anbazhagan.M@netapp.com> writes:
> Currently we are using SHA-256 default for password_encryption in our postgresql deployments. Is there any active
> work being done for adding additional hashing options like PBKDF2, HKDF, SCRYPT or Argon2 password hashing functions,
> either of which is only accepted as an algorithm that should be used for encrypting or hashing the password at storage
> as per the Organization's Cryptography Standard.

> If it is not in current plan, is there a plan to include that in subsequent versions?

It is not, and I doubt we have any interest in dramatically expanding
the set of allowed password hashes.  Adding SCRAM was enough work and
created a lot of client-v-server and cross-version incompatibility
already; nobody is in a hurry to repeat that.  Moreover, I know of
no reason to think that SHA-256 isn't perfectly adequate.

            regards, tom lane


