Re: SHA-1 vs MD5

From: "Chad Wagner" <chad(dot)wagner(at)gmail(dot)com>
To: "Ezequias Rodrigues da Rocha" <ezequias(dot)rocha(at)gmail(dot)com>
Cc: PostgreSQL <pgsql-sql(at)postgresql(dot)org>
Subject: Re: SHA-1 vs MD5
Date: 2007-03-08 14:52:29
Message-ID: 81961ff50703080652o41274e2djc5b789fb4da9bd27@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-sql

On 3/8/07, Ezequias Rodrigues da Rocha <ezequias(dot)rocha(at)gmail(dot)com> wrote:
>
> I really don't have the pgcrypto. It could be a nice alternative. Could
> you tell me the steps to install it ?

This should help you out:

http://www.postgresql.org/docs/8.2/static/external-extensions.html
http://developer.postgresql.org/cvsweb.cgi/pgsql/contrib/README?rev=1.91;content-type=text%2Fplain

I am very concerned about security in my application becouse we are going to
> moviment a large ammount of information and money. As much i take care of it
> as good.

SHA1 and MD5 are hashing algorithms, they are typically used for passwords
and in conjunction with public key encryption or over-the-wire encryption to
sign the message. If you are really concerned about security, you may want
to hire an experienced person in the security engineering field. Especially
if you are talking about financial information.

I know some problem of MD5 and know it is very good too. If someone could
> tell me where MD5 is used I could be more relaxed.

The impression I get is that SHA-256, SHA-384, or SHA-512 are the preferred
hashing algorithms, but I really don't keep up on it. Many many password
systems use MD5, I think it is reasonably safe.

In response to

Responses

Browse pgsql-sql by date

  From Date Subject
Next Message Greg Toombs 2007-03-08 18:01:51 A form of inheritance with PostgreSQL
Previous Message Ezequias Rodrigues da Rocha 2007-03-08 11:39:26 Re: SHA-1 vs MD5