Re: sha1, sha2 functions into core?

Is there a TODO here?

---------------------------------------------------------------------------

On Wed, Aug 10, 2011 at 09:43:18PM +0300, Peter Eisentraut wrote:
> On ons, 2011-08-10 at 19:29 +0100, Dave Page wrote:
> > On Wed, Aug 10, 2011 at 7:06 PM, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
> > > I would like to see whether there is support for adding sha1 and sha2
> > > functions into the core. These are obviously well-known and widely used
> > > functions, but currently the only way to get them is either through
> > > pgcrypto or one of the PLs. We could say that's OK, but then we do
> > > support md5 in core, which then encourages people to use that, when they
> > > really shouldn't use that for new applications.
> >
> > Slightly different, but related - I've seen complaints that we only
> > use md5 for password storage/transmission, which is apparently not
> > acceptable under some government security standards. In the most
> > recent case, they wanted to be able to use sha256 for password storage
> > (transmission isn't really an issue where SSL can be used of course).
>
> Yeah, that's one of those things. These days, using md5 for anything
> raises red flags, so it would be better to slowly move some alternatives
> into place.
>
> > If we're ready to move more hashing functions into core, then it seems
> > reasonable to add more options for password storage to help those who
> > need to meet mandated standards.
>
> Yes, that would be good.
>
>
>
> --
> Sent via pgsql-hackers mailing list (pgsql-hackers(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-hackers

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ It's impossible for everything to be true. +