Re: sha1, sha2 functions into core?

From: Dave Page <dpage(at)pgadmin(dot)org>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: sha1, sha2 functions into core?
Date: 2011-08-10 18:29:51
Message-ID: CA+OCxozhk85bcQNHk1xcEneMMo2M60tgrusFwecRADt-0n=BNg@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Wed, Aug 10, 2011 at 7:06 PM, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
> I would like to see whether there is support for adding sha1 and sha2
> functions into the core.  These are obviously well-known and widely used
> functions, but currently the only way to get them is either through
> pgcrypto or one of the PLs.  We could say that's OK, but then we do
> support md5 in core, which then encourages people to use that, when they
> really shouldn't use that for new applications.

Slightly different, but related - I've seen complaints that we only
use md5 for password storage/transmission, which is apparently not
acceptable under some government security standards. In the most
recent case, they wanted to be able to use sha256 for password storage
(transmission isn't really an issue where SSL can be used of course).

If we're ready to move more hashing functions into core, then it seems
reasonable to add more options for password storage to help those who
need to meet mandated standards.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Peter Eisentraut 2011-08-10 18:43:18 Re: sha1, sha2 functions into core?
Previous Message Alvaro Herrera 2011-08-10 18:27:47 Re: SHOW command always returns text field