Quick Links

Re: BUG #14797: It's not safe to use MD5

From:	hubert depesz lubaczewski <depesz(at)depesz(dot)com>
To:	dmitriy(dot)davydov(at)deiteriy(dot)com
Cc:	pgsql-bugs mailing list <pgsql-bugs(at)postgresql(dot)org>
Subject:	Re: BUG #14797: It's not safe to use MD5
Date:	2017-09-05 13:17:28
Message-ID:	20170905131728.GA5410@depesz.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-bugs

On Tue, Sep 05, 2017 at 12:01:06PM +0000, dmitriy(dot)davydov(at)deiteriy(dot)com wrote:
> Hello.
> Postgresql 9.6.5 , by default , database user passwords are stored as MD5
> hashes (18.8 Encryption Options.

first of all, it's not a bug, so posting it to pgsql-bugs is not
appropriate.

second of all - newer pg already has stronger hashing support:
https://www.depesz.com/2017/04/18/waiting-for-postgresql-10-support-scram-sha-256-authentication-rfc-5802-and-7677/

Best regards,

depesz

In response to

BUG #14797: It's not safe to use MD5 at 2017-09-05 12:01:06 from dmitriy.davydov

Browse pgsql-bugs by date

	From	Date	Subject
Next Message	Michael Paquier	2017-09-06 04:02:57	Re: Old row version in hot chain become visible after a freeze
Previous Message	Michael Paquier	2017-09-05 12:44:39	Re: Old row version in hot chain become visible after a freeze