Re: [GENERAL] SHA1 on postgres 8.3

* David Fetter:

> Is there any country with laws so benighted that they restrict secure
> hashing algorithms?  Right now, there's a contest between SHA1 and
> MD5 as to which one gets broken first, and SHA1 appears to be in the
> lead.  SHAn for n>1 could preempt the awfulness of losing this race.

MD5 is broken in the sense that you can create two or more meaningful
documents with the same hash.  This is not currently possible for
SHA-1 (at least no one has publicly demonstrated this capability).
SHA-256 etc. are sufficiently similar to MD5 and SHA-1, so it's not
clear if they add significant additional security.

(Sorry if this is what you've said.)

--
Florian Weimer                <fweimer@bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99