PostgreSQL 10 introduced SCRAM (Salted Challenge Response Authentication Mechanism) to securely authenticate passwords. The SCRAM algorithm lets a client and server securely validate a password without ever exchanging the password using a series of cryptographic methods!

In this talk, we will look at:

• A history of password storage and authentication in PostgreSQL
• Flaws in each of the legacy PostgreSQL password-based authentication methods
• How SCRAM works with a guided deep dive into the algorithm
• Channel binding, which helps prevent authentication MITM attacks
• How to safely set and modify your passwords, and how to upgrade to SCRAM-SHA-256