Re: SHA1 authentication

From: Brian Mathis <brian(dot)mathis(at)gmail(dot)com>
To: Bruno Wolff III <bruno(at)wolff(dot)to>, Bohdan Linda <bohdan(dot)linda(at)seznam(dot)cz>, pgsql-general(at)postgresql(dot)org
Subject: Re: SHA1 authentication
Date: 2005-10-27 20:27:58
Message-ID: 183c528b0510271327s464fac54jcf5bd3a3c80a848@mail.gmail.com
Lists: pgsql-general

On 10/27/05, Bruno Wolff III <bruno(at)wolff(dot)to> wrote:
>
> On Mon, Oct 24, 2005 at 11:33:50 +0200,
> Martijn van Oosterhout <kleptog(at)svana(dot)org> wrote:
> >
> > By all means, submit a patch but there's no real hurry right now. We
> > should probably move straight to something more secure anyway, maybe
> > SHA-256 or something.
>
> This makes more sense. There is little point in going to the effort of
> changing to SHA-1 only to change again later.
> There isn't any hurry to change now, so it might be better to wait until
> the next group of hash functions is designed, built on lessons learned from
> the attacks against MD5 and SHA-1.
>

It might be a good step to go through and figure out what needs to be
changed, then implement a plugin type system to reduce the need for changes
when the next generation of hashes gets "broken". It might even allow for
authentication to external sources, like LDAP or some other plugin.
