From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
---|---|
To: | sanjay sharma <sanksh(at)hotmail(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Greg Sabino Mullane <greg(at)turnstep(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: [GENERAL] SHA1 on postgres 8.3 |
Date: | 2008-04-02 17:20:14 |
Message-ID: | 47F3C04E.6060901@dunslane.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general pgsql-hackers |
sanjay sharma wrote:
> Hi Tom,
>
> md5 is not being recommended anywhere because it contains hash
> collision. Therefore either it should be replaced with SHA1 or any
> other good hash algorithm or taken out of core completely. md5 in core
> is worthless now.I am not using it in my application. I am using SHA1
> in client/web tier for password hashing.
>
> Would replacing md5 with SHA1 in core involve much work?
sanjay - please do not top-answer, especially when others have put their
answers below.
MD5 is not broken for purposes that would require a pre-image attack,
AIUI. That means there is a whole series of uses for which it is still
quite OK, including password hashing.
That said, there might well be a reason for including a
collision-resistant hash function in core without including the whole of
pg_crypto.
cheers
andrew
From | Date | Subject | |
---|---|---|---|
Next Message | Martijn van Oosterhout | 2008-04-02 17:23:13 | Re: (FAQ?) JOIN condition - 'WHERE NULL = NULL' |
Previous Message | Peter Eisentraut | 2008-04-02 17:16:53 | Re: [GENERAL] SHA1 on postgres 8.3 |
From | Date | Subject | |
---|---|---|---|
Next Message | David Fetter | 2008-04-02 17:23:56 | Re: [GENERAL] SHA1 on postgres 8.3 |
Previous Message | Peter Eisentraut | 2008-04-02 17:16:53 | Re: [GENERAL] SHA1 on postgres 8.3 |