| From: | Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
|---|---|
| To: | "Scott Arciszewski *EXTERN*" <scott(at)arciszewski(dot)me>, "pgsql-novice(at)postgresql(dot)org" <pgsql-novice(at)postgresql(dot)org> |
| Subject: | Re: Password-based Authentication |
| Date: | 2014-05-19 09:20:36 |
| Message-ID: | A737B7A37273E048B164557ADEF4A58B17CFAC82@ntex2010i.host.magwien.gv.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
Scott Arciszewski wrote:
> I was reading this documentation page:
> http://www.postgresql.org/docs/9.3/static/auth-methods.html#AUTH-PASSWORD
> http://www.postgresql.org/docs/devel/static/auth-methods.html#AUTH-PASSWORD
>
> ... and I noticed that the only password hashing option available in pgsql for authentication purposes
> is md5.
>
> Is there any way to use something more reliable (bcrypt, scrypt, pbkdf2, or eventually any of the
> hashing schemes selected by the PHC https://password-hashing.net )?
Not yet, although there have been discussions on the development list.
Maybe you can resort to different authentication techniques where the password
is not stored in PostgreSQL at all.
Yours,
Laurenz Albe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Eng Sameer | 2014-05-27 09:38:09 | FW: Security |
| Previous Message | David G Johnston | 2014-05-17 19:51:01 | Re: CONCAT function equivalent |