Home > mailing lists

Re: Not storing MD5 hashed passwords - Mailing list pgsql-general

From	John R Pierce
Subject	Re: Not storing MD5 hashed passwords
Date	October 14, 2015 23:42:02
Msg-id	561EBE0C.1070200@hogranch.com Whole thread Raw
In response to	Not storing MD5 hashed passwords ("Quiroga, Damian" <damian.quiroga@intel.com>)
Responses	Re: Not storing MD5 hashed passwords (Jeff Janes <jeff.janes@gmail.com>)
List	pgsql-general

Tree view

On 10/14/2015 1:31 PM, Quiroga, Damian wrote:

Does postgres support other (stronger) hashing algorithms than MD5 to store the database passwords at disk?
If not, is there any plan to move away from MD5?

if you can read the password database, you already have superuser access to the full database.... so what threat does a stronger hash address?

if you need stronger security, don't use passwords, use ssl certificates, or LDAP, or something.

-- 
john r pierce, recycling bits in santa cruz

pgsql-general by date:

From: "Quiroga, Damian"
Date: 14 October 2015, 23:31:26
Subject: Not storing MD5 hashed passwords

From: Selim Tuvi
Date: 15 October 2015, 00:08:19
Subject: BDR: pg_stat_bdr: cache lookup failed

Re: Not storing MD5 hashed passwords - Mailing list pgsql-general

Previous

Next