Thread: Password-based Authentication
Hello,
I was reading this documentation page:
http://www.postgresql.org/docs/9.3/static/auth-methods.html#AUTH-PASSWORD
http://www.postgresql.org/docs/devel/static/auth-methods.html#AUTH-PASSWORD
... and I noticed that the only password hashing option available in pgsql for authentication purposes is md5.I was reading this documentation page:
http://www.postgresql.org/docs/9.3/static/auth-methods.html#AUTH-PASSWORD
http://www.postgresql.org/docs/devel/static/auth-methods.html#AUTH-PASSWORD
Scott
Scott Arciszewski wrote: > I was reading this documentation page: > http://www.postgresql.org/docs/9.3/static/auth-methods.html#AUTH-PASSWORD > http://www.postgresql.org/docs/devel/static/auth-methods.html#AUTH-PASSWORD > > ... and I noticed that the only password hashing option available in pgsql for authentication purposes > is md5. > > Is there any way to use something more reliable (bcrypt, scrypt, pbkdf2, or eventually any of the > hashing schemes selected by the PHC https://password-hashing.net )? Not yet, although there have been discussions on the development list. Maybe you can resort to different authentication techniques where the password is not stored in PostgreSQL at all. Yours, Laurenz Albe