Re: [HACKERS] Changing references of password encryption to hashing - Mailing list pgsql-hackers

From Robert Haas
Subject Re: [HACKERS] Changing references of password encryption to hashing
Date
Msg-id CA+Tgmoa44Q+rajT2FC2S7R3-hfh0xXTEa+qLzdYD0Gh9DPoX3Q@mail.gmail.com
In response to Re: [HACKERS] Changing references of password encryption to hashing  (Stephen Frost <sfrost@snowman.net>)
Responses Re: [HACKERS] Changing references of password encryption to hashing  (Stephen Frost <sfrost@snowman.net>)
Re: [HACKERS] Changing references of password encryption to hashing  (Bruce Momjian <bruce@momjian.us>)
List pgsql-hackers
On Tue, Nov 28, 2023 at 9:55 AM Stephen Frost <sfrost@snowman.net> wrote:
> I do think we should use the correct terminology in our documentation
> and would support your working on improving things in this area.

+1.

> I do wonder if perhaps we would be better off by having someone spend
> time on removing terribly insecure authentication methods like md5 and
> ldap though ...

Wait, what's insecure about LDAP?

I think we should eventually remove MD5, but I think there's no rush.
People who care about security will have already switched, and people
who don't care about security are not required to start caring.
Eventually the maintenance burden will become large enough that it
makes sense to phase it out for that reason, but I haven't seen any
evidence that we're anywhere close to that point.

--
Robert Haas
EDB: http://www.enterprisedb.com


