Re: Crypto

From Andrew Dunstan
Subject Re: Crypto
Date
Msg-id 4AB4FDCB.6000508@dunslane.net
In reply to Crypto  (David Fetter <david@fetter.org>)
Responses Re: Crypto  (David Fetter <david@fetter.org>)
List pgsql-hackers

David Fetter wrote:
> I suggest that we start by putting secure hashing algorithms into the
> core distribution so, should MD5 ever break, we have real
> alternatives, and not done in a panic.

Doing that now would be quite premature. Which algorithm would we choose?

And there is no urgency at all about it, since AIUI an attack on our use 
of it would require a preimage attack:
   At the time of this writing, there are no practical preimage
   attacks, meaning that if your use of hashes is only susceptible to
   preimage attacks, even MD5 is just fine because an attacker would
   have to make 2^128 guesses, which will be infeasible for many
   decades (if ever). (quoted from <http://www.vpnc.org/hash.html>)
 


The time for us to look at this again is more properly when the NIST 
SHA-3 competition ends, I believe. That's at least a couple of years 
away. See <http://csrc.nist.gov/groups/ST/hash/timeline.html>

As for the suggestion that we should put other crypto functions into the 
core, AIUI the reason not to is not to avoid problems with US Export 
Regulations (after all, we've shipped source tarballs with it for many 
years, including from US repositories), but to make it easier to use 
Postgres in places where use of crypto is illegal. What benefit would we 
gain from making general crypto part of the core?

cheers

andrew
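
The collision-versus-preimage distinction the message above relies on, shown as an added example that is not part of the original post or of PostgreSQL: it brute-forces both against MD5 truncated to 16 bits, where the generic costs (about 2^(n/2) hash calls for a collision, about 2^n for a preimage) are small enough to measure. The truncation width, message prefixes and the `b"stored secret"` input are constructed assumptions.

```python
import hashlib
from itertools import count

BITS = 16  # constructed toy size; full MD5 is 128 bits


def trunc_md5(msg: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of MD5(msg) as an integer."""
    digest = int.from_bytes(hashlib.md5(msg).digest(), "big")
    return digest >> (128 - bits)


def find_collision(bits: int = BITS):
    """Birthday search: any two distinct messages with equal digests.

    Expected work is about 2**(bits/2) hash calls.
    """
    seen = {}
    for i in count():
        msg = b"c-%d" % i
        h = trunc_md5(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg


def find_preimage(target: int, bits: int = BITS, limit: int = 1 << 22):
    """Preimage search: a message hashing to one fixed target.

    Expected work is about 2**bits hash calls; (None, limit) on give-up.
    """
    for i in range(limit):
        msg = b"p-%d" % i
        if trunc_md5(msg, bits) == target:
            return msg, i + 1
    return None, limit


if __name__ == "__main__":
    a, b, c_tries = find_collision()
    target = trunc_md5(b"stored secret")  # constructed sample input
    m, p_tries = find_preimage(target)
    print(f"collision after {c_tries} hashes: {a!r} / {b!r}")
    print(f"preimage  after {p_tries} hashes: {m!r}")
    print("generic cost at 128 bits: 2^64 vs 2^128 hash calls")
```
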

