Re: [GENERAL] SHA1 on postgres 8.3

Skip site navigation (1) Skip section navigation (2)

Peripheral Links

Text Size: Normal / Large
Donate
Contact

The world's most advanced open source database.

Re: [GENERAL] SHA1 on postgres 8.3

From:	sanjay sharma <sanksh(at)hotmail(dot)com>
To:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Greg Sabino Mullane <greg(at)turnstep(dot)com>
Cc:	<pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: [GENERAL] SHA1 on postgres 8.3
Date:	2008-04-02 16:38:17
Message-ID:	BAY116-W48B144FFD87AB711399568C3F40@phx.gbl (view raw or flat)
Thread:
Lists:	pgsql-generalpgsql-hackers

Hi Tom,
 
md5 is not being recommended anywhere because it contains hash collision. Therefore either it should be replaced with SHA1 or any other good hash algorithm or taken out of core completely. md5 in core is worthless now.I am not using it in my application. I am using SHA1 in client/web tier for password hashing. 
 
Would replacing md5 with SHA1 in core involve much work?
 
Sanjay Sharma> To: greg(at)turnstep(dot)com> CC: pgsql-hackers(at)postgresql(dot)org> Subject: Re: [HACKERS] [GENERAL] SHA1 on postgres 8.3 > Date: Wed, 2 Apr 2008 11:38:31 -0400> From: tgl(at)sss(dot)pgh(dot)pa(dot)us> > "Greg Sabino Mullane" <greg(at)turnstep(dot)com> writes:> > I don't agree that we should just close discussion. Nobody seems happy> > with the status quo, which is that we provide md5 but not sha1,> > There may be a few people who are unhappy, but the above claim seems> vastly overblown. md5 is sufficient for the purpose it is intended> for in core postgres (namely, obscuring the true source text of> passwords), and if you have needs much beyond that you'll soon be> installing pgcrypto anyway.> > regards, tom lane> > -- > Sent via pgsql-hackers mailing list (pgsql-hackers(at)postgresql(dot)org)> To make changes to your subscription:> http://www.postgresql.org/mailpref/pgsql-hackers
_________________________________________________________________
Tried the new MSN Messenger? It’s cool! Download now.
http://messenger.msn.com/Download/Default.aspx?mkt=en-in

In response to

Re: [GENERAL] SHA1 on postgres 8.3 at 2008-04-02 15:38:31 from Tom Lane

Responses

Re: [GENERAL] SHA1 on postgres 8.3 at 2008-04-02 17:05:14 from Tom Lane
Re: [GENERAL] SHA1 on postgres 8.3 at 2008-04-02 17:20:14 from Andrew Dunstan
Re: [GENERAL] SHA1 on postgres 8.3 at 2008-04-02 17:28:16 from Peter Eisentraut

pgsql-hackers by date

Next: From: Steve Crawford Date: 2008-04-02 16:43:20

Subject: Re: [GENERAL] SHA1 on postgres 8.3

Previous: From: Alvaro Herrera Date: 2008-04-02 16:33:24

Subject: Re: Several tags around PostgreSQL 7.1 broken

pgsql-general by date

Next: From: Steve Crawford Date: 2008-04-02 16:43:20

Subject: Re: [GENERAL] SHA1 on postgres 8.3

Previous: From: David Fetter Date: 2008-04-02 16:32:10

Subject: Re: [GENERAL] SHA1 on postgres 8.3

Next:	From: Steve Crawford	Date: 2008-04-02 16:43:20
	Subject: Re: [GENERAL] SHA1 on postgres 8.3
Previous:	From: Alvaro Herrera	Date: 2008-04-02 16:33:24
	Subject: Re: Several tags around PostgreSQL 7.1 broken

Search

Peripheral Links

Re: [GENERAL] SHA1 on postgres 8.3

In response to

Responses

pgsql-hackers by date

pgsql-general by date