Re: [GENERAL] SHA1 on postgres 8.3

Mark Mielke wrote:
> This presumes that better hashes truly exist. It is basic math to show 
> that all hashes will include collisions. Ignoring the possibility that 
> one hash has theoretical better distribution for real documents, the 
> real "benefit" of SHA-1 over MD5, is that it has more bits. The 
> "ultimate" solution here, is to store the original using the "full 
> copy" hash technique, with 0 chance of collision. This extreme defeats 
> the purpose of a hash to start with.
>
> Why does PostgreSQL need something better than md5 as part of core? 
> Bragging rights?
Having more than one hash algorithm significantly decreases the risk of 
(common) collisions.

As a non-developer (who does track most messages on the list anyways), I 
surely find the SHA* functions will add significantly value and they 
should be easy to install (well-defined functions) with no maintainance 
afterwards.
Hashes are an absolute minimum for keeping passwords stored somehat 
safely in a database.

More two or even three different hashes with different collion-points 
will strongly increase the security.