From: | Heikki Linnakangas <heikki(at)enterprisedb(dot)com> |
---|---|
To: | Mark Mielke <mark(at)mark(dot)mielke(dot)cc> |
Cc: | Svenne Krap <svenne(at)krap(dot)dk>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: [GENERAL] SHA1 on postgres 8.3 |
Date: | 2008-04-03 21:12:11 |
Message-ID: | 47F5482B.7000400@enterprisedb.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general pgsql-hackers |
Mark Mielke wrote:
> In any case, this is all irrelevant, because md5 passwords are still
> very useful, and the argument that "more = better" is a never ending
> infinite resource trap. More is not better. Better is better. If you can
> prove md5 is insufficient for PostgreSQL passwords, the correct decision
> would be to switch to something better, and deprecate md5 from the core.
Agreed.
One must also remember that if you use two hashes, if *either* one of
them is broken in the future so that you can reconstruct the password
from the hash, you're screwed.
--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com
From | Date | Subject | |
---|---|---|---|
Next Message | Andreas | 2008-04-03 21:15:27 | Re: PG 8.3.x doesn't get build |
Previous Message | Mark Mielke | 2008-04-03 20:27:44 | Re: [GENERAL] SHA1 on postgres 8.3 |
From | Date | Subject | |
---|---|---|---|
Next Message | Nikolay Samokhvalov | 2008-04-03 21:19:59 | Row estimation for "var <> const" and for "NOT (...)" queries |
Previous Message | Alvaro Herrera | 2008-04-03 20:57:51 | Re: GUC parameter cursors_tuple_fraction |