Re: [GENERAL] SHA1 on postgres 8.3

On Sun, Jan 20, 2008 at 01:42:21PM -0500, Tom Lane wrote:
> "Greg Sabino Mullane" <greg@turnstep.com> writes:
> > In summary: what would objections be to my writing a sha1() patch? 
> 
> Mainly that no one else is dissatisfied with the current split
> between core and pgcrypto.
> 
> The only reason md5() is in core is to support encryption of
> passwords in pg_shadow.  There are good reasons not to have any more
> crypto capability in core than we absolutely have to; mainly to do
> with benighted laws in some countries.

Is there any country with laws so benighted that they restrict secure
hashing algorithms?  Right now, there's a contest between SHA1 and
MD5 as to which one gets broken first, and SHA1 appears to be in the
lead.  SHAn for n>1 could preempt the awfulness of losing this race.

Cheers,
David.
-- 
David Fetter <david@fetter.org> http://fetter.org/
Phone: +1 415 235 3778  AIM: dfetter666  Yahoo!: dfetter
Skype: davidfetter      XMPP: david.fetter@gmail.com

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate