On 7/2/16 3:54 PM, Heikki Linnakangas wrote:
In related news, RFC 7677 that describes a new SCRAM-SHA-256 authentication mechanism, was published in November 2015. It's identical to SCRAM-SHA-1, which is what this patch set implements, except that SHA-1 has been replaced with SHA-256. Perhaps we should forget about SCRAM-SHA-1 and jump straight to SCRAM-SHA-256.
I think a global change from SHA-1 to SHA-256 is in the air already, so if we're going to release something brand new in 2017 or so, it should be SHA-256.
I suspect this would be a relatively simple change, so I wouldn't mind seeing a SHA-1-based variant in CF1 to get things rolling.
-- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
