
Re: [GENERAL] SHA1 on postgres 8.3

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: sanjay sharma <sanksh(at)hotmail(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Greg Sabino Mullane <greg(at)turnstep(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: [GENERAL] SHA1 on postgres 8.3
Date: 2008-04-02 17:20:14
Message-ID: 47F3C04E.6060901@dunslane.net
Lists: pgsql-general, pgsql-hackers

sanjay sharma wrote:
> Hi Tom,
>  
> md5 is not being recommended anywhere because it contains hash 
> collision. Therefore either it should be replaced with SHA1 or any 
> other good hash algorithm or taken out of core completely. md5 in core 
> is worthless now. I am not using it in my application. I am using SHA1 
> in client/web tier for password hashing.
>  
> Would replacing md5 with SHA1 in core involve much work?

sanjay - please do not top-answer, especially when others have put their 
answers below.

MD5 is not broken for purposes that would require a pre-image attack, 
AIUI. That means there is a whole series of uses for which it is still 
quite OK, including password hashing.

That said, there might well be a reason for including a 
collision-resistant hash function in core without including the whole of 
pg_crypto.

cheers

andrew

