Re: You're on SecurityFocus.com for the cleartext passwords. - Mailing list pgsql-hackers

> > Sounds like a winner.  Comments?
> 
> Overlycomplicated?
> 
> What was your objection to MD5 again?

Also, MD5 is not ideal for passwords.  Seems the standard unix-style
password crypting is the standard, so it should be used to crypt our own
passwords in pg_shadow.  I am sure someone would find some problem with
us using md5 for password storage.

We already use the unix-style password crypt to send passwords over the
wire.  Why not use it for storage too?

--  Bruce Momjian                        |  http://www.op.net/~candle pgman@candle.pha.pa.us               |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026