3

I want to know what the default encryption method used (if any) by PostgreSQL is if I do not specify ENCRYPTED while creating a user or altering a role.

I read the following on the PostgreSQL website:

Password Storage Encryption

By default, database user passwords are stored as MD5 hashes, so the administrator cannot determine the actual password assigned to the user. If MD5 encryption is used for client authentication, the unencrypted password is never even temporarily present on the server because the client MD5-encrypts it before being sent across the network.

But I am not sure whether the MD5 encryption method is used only when I use ENCRYPTED while creating/altering a role/user.

I am using PostgreSQL 9.5.

Thanks

1 Answer

5

From the docs:

These key words control whether the password is stored encrypted in the system catalogs. (If neither is specified, the default behavior is determined by the configuration parameter password_encryption.) If the presented password string is already in MD5-encrypted format, then it is stored encrypted as-is, regardless of whether ENCRYPTED or UNENCRYPTED is specified (since the system cannot decrypt the specified encrypted password string). This allows reloading of encrypted passwords during dump/restore.

password_encryption defaults to true, though you can check it with SHOW password_encryption.

According to the encryption options,

Password Storage Encryption

By default, database user passwords are stored as MD5 hashes, so the administrator cannot determine the actual password assigned to the user. If MD5 encryption is used for client authentication, the unencrypted password is never even temporarily present on the server because the client MD5-encrypts it before being sent across the network.


3 Comments

Thanks for the info Evan. I ran the query: Show password_encryption and it says YES. Does that mean the pg_user passwords are saved with MD5 encryption?
Is there a way to store the user passwords as SHA instead of MD5?
@P_Ar different question.
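
The rule quoted in the answer, as an added example that is not part of the original posts and is not PostgreSQL's own code: a small Python model of what ends up in pg_authid.rolpassword on a 9.5-era server, plus a check that labels stored values. The function names and sample rows are assumptions made for illustration; the stored form (md5 followed by the hex MD5 of the password concatenated with the role name) follows the pg_authid documentation.

```python
import hashlib
import re

# Documented stored form: "md5" followed by 32 hex digits.
MD5_FORMAT = re.compile(r"md5[0-9a-f]{32}")

def pg_md5_verifier(password, rolname):
    """'md5' + hex MD5 of the password concatenated with the role name."""
    return "md5" + hashlib.md5((password + rolname).encode("utf-8")).hexdigest()

def classify(rolpassword):
    """Label one pg_authid.rolpassword value."""
    if rolpassword is None:
        return "no password"
    return "md5" if MD5_FORMAT.fullmatch(rolpassword) else "plaintext"

def what_gets_stored(rolname, presented, password_encryption=True, keyword=None):
    """Model of the quoted rule (hypothetical helper, not server code).

    keyword is None, "ENCRYPTED" or "UNENCRYPTED", as written in
    CREATE ROLE / ALTER ROLE ... PASSWORD.
    """
    if classify(presented) == "md5":
        return presented  # already in MD5 format: stored as-is
    # No keyword given: the password_encryption setting decides.
    encrypt = password_encryption if keyword is None else keyword == "ENCRYPTED"
    return pg_md5_verifier(presented, rolname) if encrypt else presented

def audit(rows):
    """Map role name -> storage format for (rolname, rolpassword) rows."""
    return {rolname: classify(value) for rolname, value in rows}

# Constructed sample rows standing in for SELECT rolname, rolpassword FROM pg_authid.
SAMPLE_ROWS = [
    ("app_rw", what_gets_stored("app_rw", "constructed-pw-1")),
    ("legacy", what_gets_stored("legacy", "constructed-pw-2", keyword="UNENCRYPTED")),
    ("grp_only", None),
]

if __name__ == "__main__":
    for role, kind in audit(SAMPLE_ROWS).items():
        print(f"{role:10} {kind}")
```

Any role reported as plaintext was created with UNENCRYPTED or while password_encryption was off, and needs its password reset to be stored hashed.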
