Hi,

Now that we probably have shaken the worst issues out of scram, shouldn't we change the default password_encryption to something that doesn't scare people? The only reason I could think of for not wanting to do that is that we don't necessarily guarantee that we have a strong random generator, but if that's the issue, we should change initdb to default it to something safe if the platform provides something. Which is just about any sane one, no?

Greetings,
Andres Freund