From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Marko Kreen <markokr(at)gmail(dot)com> |
Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Peter Eisentraut <peter_e(at)gmx(dot)net>, Dave Page <dpage(at)pgadmin(dot)org>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: sha1, sha2 functions into core? |
Date: | 2012-08-15 13:48:43 |
Message-ID: | 2415.1345038523@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Marko Kreen <markokr(at)gmail(dot)com> writes:
> On Wed, Aug 15, 2012 at 6:11 AM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
>> Is there a TODO here?
> There is still open ToDecide here: [snip]
The argument against moving crypto code into core remains the same as it
was, ie export regulations. I don't see that that situation has changed
at all. Thus, I think we should leave all the pgcrypto code where it
is, in an extension that's easily separated out by anybody who's
concerned about legal restrictions. The recent improvements in the ease
of installing extensions have made it even less interesting than it used
to be to merge extension-supported code into core --- if anything, we
ought to be trying to move functionality the other way.
If anybody's concerned about the security of our password storage,
they'd be much better off working on improving the length and randomness
of the salt string than replacing the md5 hash per se.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2012-08-15 14:05:54 | Re: Don't allow relative path for copy from file |
Previous Message | Tom Lane | 2012-08-15 13:39:38 | Re: [COMMITTERS] pgsql: Revert "commit_delay" change; just add comment that we don't hav |