From: | Florian Weimer <fweimer(at)bfk(dot)de> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | David Fetter <david(at)fetter(dot)org>, Greg Sabino Mullane <greg(at)turnstep(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: [GENERAL] SHA1 on postgres 8.3 |
Date: | 2008-01-21 15:38:28 |
Message-ID: | 82lk6jp4sr.fsf@mid.bfk.de |
Lists: | pgsql-general pgsql-hackers |
* Tom Lane:
>> MD5 is broken in the sense that you can create two or more meaningful
>> documents with the same hash.
>
> Note that this isn't actually very interesting for the purpose for
> which the md5() function was put into core: namely, hashing passwords
> before they are stored in pg_authid.

No doubt about that. But there are checklists out there, and if you
use MD5 at some point, you need to go to some lengths to explain that
it's okay. That's why I can understand the desire to have sha1 easily
available (even though SHA-1 isn't much better, really, and the
difference doesn't actually matter for many applications).

It's a bit like justifying that you don't need a virus scanner on your
non-Windows server or database server. 8-P

BTW, I'd like to see MD5/SHA-1 for BYTEA, not just TEXT, and with a
BYTEA return value. Does pgcrypto provide that?

--
Florian Weimer <fweimer(at)bfk(dot)de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99