Re: [GENERAL] SHA1 on postgres 8.3

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: "Greg Sabino Mullane" <greg(at)turnstep(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: [GENERAL] SHA1 on postgres 8.3
Date: 2008-04-02 15:49:28
Message-ID: 20080402174928.0e6d2f81@mha-laptop
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general pgsql-hackers

Tom Lane wrote:
> "Greg Sabino Mullane" <greg(at)turnstep(dot)com> writes:
> > I don't agree that we should just close discussion. Nobody seems
> > happy with the status quo, which is that we provide md5 but not
> > sha1,
>
> There may be a few people who are unhappy, but the above claim seems
> vastly overblown. md5 is sufficient for the purpose it is intended
> for in core postgres (namely, obscuring the true source text of
> passwords), and if you have needs much beyond that you'll soon be
> installing pgcrypto anyway.

I think that claim is completely incorrect.

A lot of people use the md5() function in PostgreSQL today to hash
the passwords for the users of whatever webbapp they are running. It
only uses one account to connect to PostgreSQL and handles the rest of
the auth elsewhere in the app. These users would like to have sha1
(and/or other securer hashes). And they would like it in -core, because
their hosting company don't install the contrib modules.

//Magnus

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message carty mc 2008-04-02 15:54:25 Re: dblink ,dblink_exec not participating in a Transaction??
Previous Message Tom Lane 2008-04-02 15:38:31 Re: [GENERAL] SHA1 on postgres 8.3

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2008-04-02 15:50:00 Re: varadic patch
Previous Message Bruce Momjian 2008-04-02 15:48:02 Re: varadic patch