Michael Paquier <mich...@paquier.xyz> writes:
> On Sat, Oct 06, 2018 at 11:43:06PM -0700, Andres Freund wrote:
>> Now that we probably have shaken the worst issues out of scram,
>> shouldn't we change the default password_encryption to something that
>> doesn't scare people? The only reason I could think of not wanting to
>> do that for is that we don't necessarily guarantee that we have a strong
>> random generator, but if that's the issue, we should change initdb to
>> default it to something safe if the platform provides something. Which
>> is just about any sane one, no?
>
> In short, +1.
> The random function issue would apply to any platform in need of
> --disable-strong-random, but this applies mainly to some old HP-UX stuff
> if my memory serves me well, so I'd like to think that we should be safe
> to just switch the default and not complicate initdb.

Yeah, I don't see why that should affect anything. SCRAM with a poor random function is probably still better than MD5.

As I recall, the reason for not defaulting to SCRAM right away had nothing to do with that; it was worry about how many clients would get locked out for lack of SCRAM support. But the list at https://wiki.postgresql.org/wiki/List_of_drivers looks pretty positive, and another year would probably be enough to give the stragglers time to catch up ... especially if they know this is coming.

regards, tom lane
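The following is an added example, not code from the thread or from the PostgreSQL project: it shows how a DBA can tell which roles still carry MD5 verifiers after switching password_encryption, which is the check behind the client-lockout concern above. The role name and password in the last statement are placeholders; pg_authid must be read as a superuser.

```sql
-- Added example (not from the thread): audit stored password verifiers
-- after moving password_encryption from md5 to scram-sha-256.

-- 1. What does the server currently hash new passwords with?
SHOW password_encryption;   -- 'md5' or 'scram-sha-256'

-- 2. Make SCRAM the default for this session; put the same line in
--    postgresql.conf (and reload) to apply it cluster-wide.
SET password_encryption = 'scram-sha-256';

-- 3. Classify every role that has a password by its stored verifier.
--    MD5 verifiers are stored as 'md5' || md5(password || rolename);
--    SCRAM verifiers begin with the literal prefix 'SCRAM-SHA-256$'.
SELECT rolname,
       CASE
         WHEN rolpassword LIKE 'md5%'            THEN 'md5'
         WHEN rolpassword LIKE 'SCRAM-SHA-256$%' THEN 'scram-sha-256'
         ELSE 'unknown'
       END AS verifier_type
FROM pg_authid
WHERE rolpassword IS NOT NULL
ORDER BY verifier_type, rolname;

-- 4. Changing the GUC does not rewrite existing hashes: an MD5 hash cannot
--    be converted into a SCRAM verifier, so each role is migrated only when
--    its password is set again under the new setting.
--    (app_user and the password are placeholders)
ALTER ROLE app_user PASSWORD 'replace-me';
```

Once a role's verifier is SCRAM, the server performs the SCRAM exchange for it even when pg_hba.conf still says `md5`, so a client library without SCRAM support is locked out of that role regardless of the pg_hba method; the query in step 3 is therefore the list of roles whose clients still need to be checked against the driver list before their passwords are reset.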