Skip site navigation (1) Skip section navigation (2)

Re: Crypto

From: David Fetter <david(at)fetter(dot)org>
To: Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc: PG Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Crypto
Date: 2009-09-19 16:17:19
Message-ID: 20090919161719.GC31599@fetter.org (view raw or flat)
Thread:
Lists: pgsql-hackers
On Sat, Sep 19, 2009 at 11:50:35AM -0400, Andrew Dunstan wrote:
>
>
> David Fetter wrote:
>> I suggest that we start by putting secure hashing algorithms into the
>> core distribution so, should MD5 ever break, we have real
>> alternatives, and not done in a panic.
>
> Doing that now would be quite premature. Which algorithm would we choose?
>
> And there is no urgency at all about it, since AIUI an attack on our use  
> of it would require a preimage attack:
>
>    At the time of this writing, there are no practical preimage
>    attacks, meaning that if your use of hashes is only susceptible to
>    preimage attacks, even MD5 is just fine because at attacker would
>    have to make 2^128 guesses, which will be infeasable for many
>    decades (if ever). (quoted from  <http://www.vpnc.org/hash.html>)
>
>
> The time for us to look at this again is more properly when the NIST  
> SHA-3 competition ends, I believe. That's at least a couple of years  
> away. See <http://csrc.nist.gov/groups/ST/hash/timeline.html>

OK

> As for the suggestion that we should put other crypto functions into
> the  core, AIUI the reason not to is not to avoid problems with US
> Export  Regulations (after all, we've shipped source tarballs with
> it for many years, including from US repositories), but to make it
> easier to use Postgres in places where use of crypto is illegal.

To date, I have not found an example of such a place.  For the record,
would you or anyone seeing this be so kind as to provide one, along
with some kind of evidence that somewhere, such a law has actually
been enforced?

> What benefit would we  gain from making general crypto part of the
> core?

People may wish to encrypt things in the database.

Cheers,
David.
-- 
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778  AIM: dfetter666  Yahoo!: dfetter
Skype: davidfetter      XMPP: david(dot)fetter(at)gmail(dot)com

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate

In response to

  • Re: Crypto at 2009-09-19 15:50:35 from Andrew Dunstan

Responses

pgsql-hackers by date

Next:From: Magnus HaganderDate: 2009-09-19 16:18:01
Subject: Re: updated hstore patch
Previous:From: Decibel!Date: 2009-09-19 15:56:53
Subject: Re: PGCon/West in Seattle

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group