Database MD5

jw_CS · ‎Aug 12, 2024

I'm currently installing Thingworx server on linux.

While installing the database i notices the following:

6. Configure pgAdmin:
$ sudo pgadmin4
◦ In pgAdmin, click on file->Open postgresql.conf
◦ Open /etc/postgresql/x.x/main/postgresql.conf
◦ Put a check next to listen addresses and port. The default settings of localhost and 5432 are usually sufficient.
◦ Save and close.
◦ Click on file->Open pg_hba.conf
◦ Open /etc/postgresql/x.x/main/pg_hba.conf
◦ Double-click on the database ‘all’ line with address 127.0.0.1/32
◦ Set Method to md5
◦ Click OK
◦ Save and exit
◦ Close pgAdmin

(Sorry i'm unable to quote!!)

I'm not happy that MD5 is used for Hashing. MD5 is not a really secure algoritm anymore and i would like to use Sha-2 (what is current default) if possible! Is this possible? if Not Why...

More info on MD5:
https://security.stackexchange.com/questions/19906/is-md5-considered-insecure https://www.freecodecamp.org/news/md5-vs-sha-1-vs-sha-2-which-is-the-most-secure-encryption-hash-and-how-to-check-them/

https://infosecscout.com/why-md5-is-not-safe/

Jimwang · ‎Aug 12, 2024

Per Postgresql document, scram-sha-256 is not supported by older client library, thus I suggest to open a Technical Support case to check product manager about it.

jw_CS · ‎Aug 13, 2024

Maybe i expected to much.

Thingworx 9.6 released 2024-06 - https://release-advisor.ptc.com/releaseMatrix?releaseId=1881
Minimum required PostgreSQL version (13) released in 2020-09 - https://www.postgresql.org/about/news/postgresql-13-released-2077/
scram-sha-256 released in 2015-11 - https://datatracker.ietf.org/doc/html/rfc7677

The support case is a good idea!