Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Re: US VISA CISP PCI comp. needs SHA1
Matthew Wetmore wrote: > Not sure if I posted in correct spot.... > > > pg_8.2.6 > Centos5 > Windows based app. > encryped pwd = yes > SSL = yes, > hostssl with explicit IP w/md5. (no pg_crypto) > > > > We are in process of VISA CISP PCI compliance for our application. > (online cc auth - no stored cc data) [next phase will include stored cc > data] > > We just heard back today that they would like to use SHA1 for pwd auth. > > does anyone have any doco that will support md5 vs. SHA1? > > We also have global customers so we understand the us v non-US export stuff. > > Any direction is appreciated. > > > You could use pg_crypto plus application level passwords. As has been pointed out elsewhere, there is no security virtue in swapping MD5 password hashing in Postgres for SHA1. cheers andrew
In response to
- US VISA CISP PCI comp. needs SHA1 at 2008-04-02 17:24:02 from Matthew Wetmore
pgsql-hackers by date
Next: From: Peter Eisentraut Date: 2008-04-02 18:28:00 Subject: Re: [GENERAL] SHA1 on postgres 8.3 Previous: From: Greg Smith Date: 2008-04-02 17:58:03 Subject: Patch queue -> wiki (was varadic patch)