Re: sha1, sha2 functions into core?

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Dave Page <dpage(at)pgadmin(dot)org>
Cc: pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: sha1, sha2 functions into core?
Date: 2011-08-10 18:43:18
Message-ID: 1313001798.24721.58.camel@vanquo.pezone.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On ons, 2011-08-10 at 19:29 +0100, Dave Page wrote:
> On Wed, Aug 10, 2011 at 7:06 PM, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
> > I would like to see whether there is support for adding sha1 and sha2
> > functions into the core. These are obviously well-known and widely used
> > functions, but currently the only way to get them is either through
> > pgcrypto or one of the PLs. We could say that's OK, but then we do
> > support md5 in core, which then encourages people to use that, when they
> > really shouldn't use that for new applications.
>
> Slightly different, but related - I've seen complaints that we only
> use md5 for password storage/transmission, which is apparently not
> acceptable under some government security standards. In the most
> recent case, they wanted to be able to use sha256 for password storage
> (transmission isn't really an issue where SSL can be used of course).

Yeah, that's one of those things. These days, using md5 for anything
raises red flags, so it would be better to slowly move some alternatives
into place.

> If we're ready to move more hashing functions into core, then it seems
> reasonable to add more options for password storage to help those who
> need to meet mandated standards.

Yes, that would be good.

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2011-08-10 18:45:08 "pgstat wait timeout" warnings
Previous Message Dave Page 2011-08-10 18:29:51 Re: sha1, sha2 functions into core?