From:
Bruce Momjian <bruce(at)momjian(dot)us>
To:
Bruce Momjian <bruce(at)momjian(dot)us>
Cc:
Marko Kreen <markokr(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>,
Florian Weimer <fweimer(at)bfk(dot)de>, David Fetter <david(at)fetter(dot)org>,
Greg Sabino Mullane <greg(at)turnstep(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject:
Re: [GENERAL] SHA1 on postgres 8.3
Date:
2008-04-02 03:06:26
Message-ID:
200804020306.m3236QQ00410@momjian.us (view raw or flat )
Thread:
2008-01-20 08:21:01 from Jon Hancock <redstarling(at)gmail(dot)com>
2008-01-20 16:38:46 from Martijn van Oosterhout <kleptog(at)svana(dot)org>
2008-01-22 05:26:58 from Julio Cesar Sánchez González <knowhow(at)sistemasyconectividad(dot)com(dot)mx>
2008-01-20 17:24:11 from "Greg Sabino Mullane" <greg(at)turnstep(dot)com>
2008-01-20 17:59:56 from Alvaro Herrera <alvherre(at)commandprompt(dot)com>
2008-01-20 18:12:55 from Magnus Hagander <magnus(at)hagander(dot)net>
2008-01-20 18:06:49 from Martijn van Oosterhout <kleptog(at)svana(dot)org>
2008-01-20 18:47:12 from Joe Conway <mail(at)joeconway(dot)com>
2008-01-20 18:42:21 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2008-01-20 20:35:23 from David Fetter <david(at)fetter(dot)org>
2008-01-21 07:53:14 from Florian Weimer <fweimer(at)bfk(dot)de>
2008-01-21 15:33:13 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2008-01-21 15:38:28 from Florian Weimer <fweimer(at)bfk(dot)de>
2008-01-21 16:02:48 from "Marko Kreen" <markokr(at)gmail(dot)com>
2008-01-21 16:16:57 from "Marko Kreen" <markokr(at)gmail(dot)com>
2008-01-28 18:56:30 from Bruce Momjian <bruce(at)momjian(dot)us>
2008-01-28 20:15:54 from "Greg Sabino Mullane" <greg(at)turnstep(dot)com>
2008-01-29 08:06:45 from "Marko Kreen" <markokr(at)gmail(dot)com>
2008-01-29 08:10:13 from Florian Weimer <fweimer(at)bfk(dot)de>
2008-04-02 03:06:26 from Bruce Momjian <bruce(at)momjian(dot)us>
2008-04-02 09:32:30 from Magnus Hagander <magnus(at)hagander(dot)net>
2008-04-02 23:03:09 from Bruce Momjian <bruce(at)momjian(dot)us>
2008-04-02 13:07:01 from "Greg Sabino Mullane" <greg(at)turnstep(dot)com>
2008-04-02 15:38:31 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2008-04-02 15:49:28 from Magnus Hagander <magnus(at)hagander(dot)net>
2008-04-02 20:34:09 from Mark Mielke <mark(at)mark(dot)mielke(dot)cc>
2008-04-02 20:53:09 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2008-04-02 21:09:14 from Andrew Dunstan <andrew(at)dunslane(dot)net>
2008-04-02 21:17:59 from Andrew Sullivan <ajs(at)crankycanuck(dot)ca>
2008-04-02 23:41:16 from Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com>
2008-04-03 00:15:49 from Andrew Dunstan <andrew(at)dunslane(dot)net>
2008-04-03 00:42:08 from Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com>
2008-04-03 09:11:29 from "Tom Dunstan" <pgsql(at)tomd(dot)cc>
2008-04-03 00:55:52 from "D'Arcy J(dot)M(dot) Cain" <darcy(at)druid(dot)net>
2008-04-03 16:31:01 from Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com>
2008-04-03 16:57:57 from "D'Arcy J(dot)M(dot) Cain" <darcy(at)druid(dot)net>
2008-04-03 17:06:25 from Andrew Dunstan <andrew(at)dunslane(dot)net>
2008-04-03 17:27:03 from "D'Arcy J(dot)M(dot) Cain" <darcy(at)druid(dot)net>
2008-04-03 17:39:09 from "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
2008-04-03 17:42:33 from Andrew Dunstan <andrew(at)dunslane(dot)net>
2008-04-03 17:30:11 from "Tom Dunstan" <pgsql(at)tomd(dot)cc>
2008-04-03 17:44:34 from Aidan Van Dyk <aidan(at)highrise(dot)ca>
2008-04-06 18:28:59 from Tino Wildenhain <tino(at)wildenhain(dot)de>
2008-04-03 07:12:58 from Magnus Hagander <magnus(at)hagander(dot)net>
2008-04-03 11:33:42 from "Zeugswetter Andreas OSB SD" <Andreas(dot)Zeugswetter(at)s-itsolutions(dot)at>
2008-04-03 12:23:43 from Andrew Dunstan <andrew(at)dunslane(dot)net>
2008-04-03 13:54:11 from "Greg Sabino Mullane" <greg(at)turnstep(dot)com>
2008-04-03 14:01:38 from Aidan Van Dyk <aidan(at)highrise(dot)ca>
2008-04-03 16:21:29 from Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com>
2008-04-03 16:50:28 from Steve Atkins <steve(at)blighty(dot)com>
2008-04-03 14:55:39 from Andrew Dunstan <andrew(at)dunslane(dot)net>
2008-04-03 15:33:05 from "Tom Dunstan" <pgsql(at)tomd(dot)cc>
2008-04-03 15:47:12 from "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
2008-04-03 16:15:52 from "Tom Dunstan" <pgsql(at)tomd(dot)cc>
2008-04-03 16:22:14 from "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
2008-04-03 16:38:12 from "Brendan Jurd" <direvus(at)gmail(dot)com>
2008-04-03 19:03:43 from Darcy Buskermolen <darcyb(at)commandprompt(dot)com>
2008-04-03 19:24:55 from "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
2008-04-04 15:05:44 from Greg Smith <gsmith(at)gregsmith(dot)com>
2008-04-04 20:27:43 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2008-04-04 21:17:48 from Andrew Dunstan <andrew(at)dunslane(dot)net>
2008-04-04 22:20:10 from Gregory Stark <stark(at)enterprisedb(dot)com>
2008-04-03 16:00:41 from Peter Eisentraut <peter_e(at)gmx(dot)net>
2008-04-04 05:18:37 from Jeremy Drake <pgsql(at)jdrake(dot)com>
2008-04-04 08:53:31 from "Tom Dunstan" <pgsql(at)tomd(dot)cc>
2008-04-04 09:06:01 from Martijn van Oosterhout <kleptog(at)svana(dot)org>
2008-04-04 13:15:31 from Aidan Van Dyk <aidan(at)highrise(dot)ca>
2008-04-04 13:35:15 from Andrew Dunstan <andrew(at)dunslane(dot)net>
2008-04-04 13:49:40 from Aidan Van Dyk <aidan(at)highrise(dot)ca>
2008-04-04 14:17:30 from Andrew Dunstan <andrew(at)dunslane(dot)net>
2008-04-04 15:03:01 from Aidan Van Dyk <aidan(at)highrise(dot)ca>
2008-04-04 18:52:34 from Gregory Stark <stark(at)enterprisedb(dot)com>
2008-04-04 19:12:23 from Aidan Van Dyk <aidan(at)highrise(dot)ca>
2008-04-04 20:12:44 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2008-04-05 00:22:51 from Aidan Van Dyk <aidan(at)highrise(dot)ca>
2008-04-05 00:33:03 from "D'Arcy J(dot)M(dot) Cain" <darcy(at)druid(dot)net>
2008-04-05 01:17:10 from Gregory Stark <stark(at)enterprisedb(dot)com>
2008-04-05 07:03:05 from "D'Arcy J(dot)M(dot) Cain" <darcy(at)druid(dot)net>
2008-04-05 07:18:07 from PFC <lists(at)peufeu(dot)com>
2008-04-05 15:18:07 from "D'Arcy J(dot)M(dot) Cain" <darcy(at)druid(dot)net>
2008-04-05 09:43:47 from Gregory Stark <stark(at)enterprisedb(dot)com>
2008-04-05 01:53:56 from Andrew Dunstan <andrew(at)dunslane(dot)net>
2008-04-05 02:59:44 from Aidan Van Dyk <aidan(at)highrise(dot)ca>
2008-04-05 11:41:20 from Martijn van Oosterhout <kleptog(at)svana(dot)org>
2008-04-05 12:07:27 from "Tom Dunstan" <pgsql(at)tomd(dot)cc>
2008-04-04 20:26:07 from "Tom Dunstan" <pgsql(at)tomd(dot)cc>
2008-04-04 20:50:34 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2008-04-04 21:00:17 from Gregory Stark <stark(at)enterprisedb(dot)com>
2008-04-03 16:35:31 from "D'Arcy J(dot)M(dot) Cain" <darcy(at)druid(dot)net>
2008-04-03 16:41:57 from "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
2008-04-03 16:46:30 from "D'Arcy J(dot)M(dot) Cain" <darcy(at)druid(dot)net>
2008-04-03 16:55:16 from "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
2008-04-03 23:28:48 from Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com>
2008-04-03 14:23:02 from "Greg Sabino Mullane" <greg(at)turnstep(dot)com>
2008-04-03 15:32:37 from Mark Mielke <mark(at)mark(dot)mielke(dot)cc>
2008-04-03 16:14:17 from Svenne Krap <svenne(at)krap(dot)dk>
2008-04-03 16:28:40 from Mark Mielke <mark(at)mark(dot)mielke(dot)cc>
2008-04-03 17:07:56 from Svenne Krap <svenne(at)krap(dot)dk>
2008-04-03 17:16:39 from Andrew Dunstan <andrew(at)dunslane(dot)net>
2008-04-03 18:23:04 from Sam Mason <sam(at)samason(dot)me(dot)uk>
2008-04-03 22:06:03 from Svenne Krap <svenne(at)krap(dot)dk>
2008-04-04 00:37:30 from Sam Mason <sam(at)samason(dot)me(dot)uk>
2008-04-03 23:42:47 from Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com>
2008-04-04 01:01:57 from Sam Mason <sam(at)samason(dot)me(dot)uk>
2008-04-03 17:36:38 from Svenne Krap <svenne(at)krap(dot)dk>
2008-04-03 20:27:44 from Mark Mielke <mark(at)mark(dot)mielke(dot)cc>
2008-04-03 21:12:11 from Heikki Linnakangas <heikki(at)enterprisedb(dot)com>
2008-04-03 21:39:30 from Svenne Krap <svenne(at)krap(dot)dk>
2008-04-03 16:52:45 from Sam Mason <sam(at)samason(dot)me(dot)uk>
2008-04-02 16:38:17 from sanjay sharma <sanksh(at)hotmail(dot)com>
2008-04-02 17:05:14 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2008-04-02 17:20:14 from Andrew Dunstan <andrew(at)dunslane(dot)net>
2008-04-02 17:28:16 from Peter Eisentraut <peter_e(at)gmx(dot)net>
2008-04-02 16:13:13 from David Fetter <david(at)fetter(dot)org>
2008-04-02 16:27:15 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2008-04-02 16:32:10 from David Fetter <david(at)fetter(dot)org>
2008-04-02 16:43:20 from Steve Crawford <scrawford(at)pinpointresearch(dot)com>
2008-04-02 16:49:38 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2008-04-02 16:55:09 from David Fetter <david(at)fetter(dot)org>
2008-04-02 17:00:46 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2008-04-02 17:16:53 from Peter Eisentraut <peter_e(at)gmx(dot)net>
2008-04-02 17:23:56 from David Fetter <david(at)fetter(dot)org>
2008-04-02 18:28:00 from Peter Eisentraut <peter_e(at)gmx(dot)net>
2008-01-21 08:08:38 from "Marko Kreen" <markokr(at)gmail(dot)com>
Lists:
pgsql-general pgsql-hackers
There isn't enough agreement to move some things from pgcrypto to the
core so this thread is being removed from the patch queue.
---------------------------------------------------------------------------
Bruce Momjian wrote:
>
> I am not thrilled about moving _some_ of pgcrypto into the backend ---
> pgcrypto right now seems well designed and if we pull part of it out it
> seems it will be less clear than what we have now. Perhaps we just need
> to document that md5() isn't for general use and some function in
> pgcrypto should be used instead?
>
> ---------------------------------------------------------------------------
>
> Marko Kreen wrote:
> > On 1/21/08, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> > > > MD5 is broken in the sense that you can create two or more meaningful
> > > > documents with the same hash.
> > >
> > > Note that this isn't actually very interesting for the purpose for
> > > which the md5() function was put into core: namely, hashing passwords
> > > before they are stored in pg_authid.
> >
> > Note: this was bad idea. The function that should have been
> > added to core would be pg_password_hash(username, password).
> >
> > Adding md5() lessens incentive to install pgcrypto or push/accept
> > digest() into core and gives impression there will be sha1(), etc
> > in the future.
> >
> > Now users who want to store passwords in database (the most
> > popular usage) will probably go with md5() without bothering
> > with pgcrypto. They probably see "Postgres itself uses MD5 too",
> > without realizing their situation is totally different from
> > pg_authid one.
> >
> > It's like we have solution that is ACID-compliant 99% of the time in core,
> > so why bother with 100% one.
> >
> > --
> > marko
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 4: Have you searched our list archives?
> >
> > http://archives.postgresql.org
>
> --
> Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
> EnterpriseDB http://postgres.enterprisedb.com
>
> + If your life is a hard drive, Christ can be your backup. +
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: don't forget to increase your free space map settings
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
In response to
Responses
pgsql-hackers by date
Next :From: Richard WangDate: 2008-04-02 06:12:03Subject : bug in float8in()Previous :From : Greg SmithDate : 2008-04-02 03:03:27Subject : Re: build multiple indexes in single table pass?
pgsql-general by date
Next :From: Craig RingerDate: 2008-04-02 03:12:23Subject : Re: Primary Key with serial the solution?Previous :From : Douglas McNaughtDate : 2008-04-02 02:10:58Subject : Re: dblink ,dblink_exec not participating in a Transaction??
