Role password encryption

The login passwords associated with roles are always stored in an encrypted form, even if the role is created without the ENCRYPTED PASSWORD property. PostgreSQL determines the algorithm to use in order to encrypt the password via the password_encryption option in the postgresql.conf configuration file. By default, the value of the option is set to scram-sha-256:

forumdb=> show password_encryption;
password_encryption
---------------------
scram-sha-256
(1 row)

PostgreSQL introduced the SCRAM-SHA-256 encryption algorithm in version 10; before that, the encryption algorithm was set to a less robust md5 one, which is also the only other (but now discouraged) available option.

It is important to note that you cannot change the password encryption algorithm of a live system without resetting all the passwords of the active roles. In other words, if you decide to migrate from an old md5 to a more recent SCRAM-SHA-256 (or vice versa), you need...
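
Why the reset is unavoidable, as an added example that is not from the original text: both stored forms are one-way digests of the password, so neither can be derived from the other. The Python code below builds each format and classifies (rolname, rolpassword) pairs of the kind a superuser can read from pg_authid; the role names, passwords and salt are constructed, and an ASCII password is assumed.

```python
import base64
import hashlib
import hmac

def md5_verifier(role, password):
    # Legacy format: "md5" + hex(md5(password || role name)).
    return "md5" + hashlib.md5((password + role).encode()).hexdigest()

def scram_verifier(password, salt, iterations=4096):
    # SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>, keys per RFC 5802.
    # Assumes an ASCII password, so the SASLprep normalization step is a no-op.
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    b64 = lambda raw: base64.b64encode(raw).decode()
    return (f"SCRAM-SHA-256${iterations}:{b64(salt)}"
            f"${b64(stored_key)}:{b64(server_key)}")

def classify(rolpassword):
    # Identify the algorithm from the stored value alone.
    if rolpassword is None:
        return "no password"
    if rolpassword.startswith("SCRAM-SHA-256$"):
        return "scram-sha-256"
    digest = rolpassword[3:]
    if (rolpassword.startswith("md5") and len(digest) == 32
            and all(c in "0123456789abcdef" for c in digest)):
        return "md5"
    return "unknown"

def roles_needing_reset(rows):
    # Roles whose password must be set again to obtain a SCRAM verifier.
    return sorted(role for role, stored in rows if classify(stored) == "md5")

# Constructed sample of (rolname, rolpassword) pairs; names and passwords are made up.
SAMPLE = [
    ("legacy_app", md5_verifier("legacy_app", "s3cret")),
    ("reporting", scram_verifier("s3cret", b"constructed-salt")),
    ("nologin_group", None),
]

if __name__ == "__main__":
    for role, stored in SAMPLE:
        print(f"{role:15} {classify(stored)}")
    print("reset required:", roles_needing_reset(SAMPLE))
```

The same password yields unrelated values under the two schemes, and the SCRAM value also depends on a per-role salt, which is why the server needs the plaintext again to produce the new form.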