From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
Cc: | Dave Page <dpage(at)pgadmin(dot)org>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: sha1, sha2 functions into core? |
Date: | 2012-08-15 03:11:23 |
Message-ID: | 20120815031123.GB25473@momjian.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Is there a TODO here?
---------------------------------------------------------------------------
On Wed, Aug 10, 2011 at 09:43:18PM +0300, Peter Eisentraut wrote:
> On ons, 2011-08-10 at 19:29 +0100, Dave Page wrote:
> > On Wed, Aug 10, 2011 at 7:06 PM, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
> > > I would like to see whether there is support for adding sha1 and sha2
> > > functions into the core. These are obviously well-known and widely used
> > > functions, but currently the only way to get them is either through
> > > pgcrypto or one of the PLs. We could say that's OK, but then we do
> > > support md5 in core, which then encourages people to use that, when they
> > > really shouldn't use that for new applications.
> >
> > Slightly different, but related - I've seen complaints that we only
> > use md5 for password storage/transmission, which is apparently not
> > acceptable under some government security standards. In the most
> > recent case, they wanted to be able to use sha256 for password storage
> > (transmission isn't really an issue where SSL can be used of course).
>
> Yeah, that's one of those things. These days, using md5 for anything
> raises red flags, so it would be better to slowly move some alternatives
> into place.
>
> > If we're ready to move more hashing functions into core, then it seems
> > reasonable to add more options for password storage to help those who
> > need to meet mandated standards.
>
> Yes, that would be good.
>
>
>
> --
> Sent via pgsql-hackers mailing list (pgsql-hackers(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-hackers
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +
From | Date | Subject | |
---|---|---|---|
Next Message | Kevin Grittner | 2012-08-15 03:12:05 | Re: default_isolation_level='serializable' crashes on Windows |
Previous Message | Bruce Momjian | 2012-08-15 03:00:33 | Re: -Wformat-zero-length |