"M, Anbazhagan" <anbazhaga...@netapp.com> writes: > Currently we are using SHA-256 default for password_encryption in our > postgresql deployments. Is there any active work being done for adding > additional hashing options like PBKDF2, HKDF, SCRYPT or Argon2 password > hashing functions, either of which is only accepted as a algorithms that > should be used for encrypting or hashing the password at storage as per the > Organization's Cryptography Standard.
> If it is not in current plan, is there a plan to include that in subsequent > versions? It is not, and I doubt we have any interest in dramatically expanding the set of allowed password hashes. Adding SCRAM was enough work and created a lot of client-v-server and cross-version incompatibility already; nobody is in a hurry to repeat that. Moreover, I know of no reason to think that SHA-256 isn't perfectly adequate. regards, tom lane