Re: [GENERAL] SHA1 on postgres 8.3

On Wed, Apr 02, 2008 at 01:07:01PM -0000, Greg Sabino Mullane wrote:
> 
> > There isn't enough agreement to move some things from pgcrypto to
> > the core so this thread is being removed from the patch queue.
> 
> I don't agree that we should just close discussion. Nobody seems
> happy with the status quo, which is that we provide md5 but not
> sha1, and are thus encouraging people to use md5 everywhere. At the
> very least, I think we need to add sha1. Adding sha* would be
> better, and adding other hashes would be better still (and make PG a
> better product, in my opinion: having things builtin vs. contrib is
> a huge distinction).
> 
> I'd also like to emphasize that this is not a pgcrypto issue: while
> it provides the same functionality that this proposal does, so does
> creating a Pl/Perl function, which is the route I usually go, as it
> is much easier and portable. So I see this as adding missing
> features to core. We will obviously never replace pgcrypto entirely,
> due to the silly state of encryption legislation.

Just exactly which encryption legislation are we talking about here?

I know there was some fuss about this issue back in the early 1990s,
but that was many, many law changes and court cases ago, world-wide.
It's far from clear to me that there's any reason other than inertia
not to roll the crypto stuff into the core functionality and have
done.

Cheers,
David.
-- 
David Fetter <david@fetter.org> http://fetter.org/
Phone: +1 415 235 3778  AIM: dfetter666  Yahoo!: dfetter
Skype: davidfetter      XMPP: david.fetter@gmail.com

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate