3

Is there a way to change the PostgreSQL password encryption method from MD5 to SHA?

If yes, can you please tell me how?

I am using PostgreSQL 9.5.

Evan Carroll
P_Ar
  • This can't be done using configuration. You need to change the source code and compile Postgres for yourself –  Apr 10 '17 at 21:25
  • What do you expect from that? – Clodoaldo Neto Apr 10 '17 at 23:28
  • That's a security requirement from one of our customers. Any documents/help files on how to edit the source code, change the encryption from MD5 to SHA and then compile PostgreSQL? Thanks – P_Ar Apr 11 '17 at 21:32
  • Is there any plug-in/tool available which can convert the encryption from MD5 to SHA? – P_Ar Apr 12 '17 at 20:39

1 Answer

2

Pg 10

With PostgreSQL 10, you can set password_encryption to scram-sha-256. From the docs:

When a password is specified in CREATE ROLE or ALTER ROLE without writing either ENCRYPTED or UNENCRYPTED, this parameter determines whether the password is to be encrypted. The default value is md5, which stores the password as an MD5 hash. Setting this to plain stores it in plaintext. on and off are also accepted, as aliases for md5 and plain, respectively. Setting this parameter to scram-sha-256 will encrypt the password with SCRAM-SHA-256.

See this post for information about iterations using scram-sha-256.

Pg 9.x

This cannot be done without actually modifying the source.

Evan Carroll