Andrew Gierth <andrew@tao11.riddles.org.uk> writes:
> "PG" == PG Bug reporting form <noreply@postgresql.org> writes:
> PG> Can you please add `bcrypt` as method option?
> Not unless it gets added to the SCRAM specification.
> Note that our primary goal here is to provide a secure and standard
> challenge-response authentication mechanism, not to provide random
> alternate algorithms for password storage.
Worth noting here is that for us, the price of an additional
authentication mechanism is very high, because it's not just a matter
of adding some code to the server. Client-side libraries also need to
be taught about it, and most of those are not maintained by the core
PG project. So it takes years to make anything happen --- the
addition of SCRAM is still a work in progress, for example.
Thus, we aren't going to add stuff on a whim, and when we do add some
new mechanism, there has to be a really solid argument that it's a
*significant* advance over what we have.
regards, tom lane
