Re: [GENERAL] SHA1 on postgres 8.3 - Mailing list pgsql-hackers

From Magnus Hagander
Subject Re: [GENERAL] SHA1 on postgres 8.3
Date
Msg-id 20080402174928.0e6d2f81@mha-laptop
Whole thread Raw
In response to Re: [GENERAL] SHA1 on postgres 8.3  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: [GENERAL] SHA1 on postgres 8.3
Re: [GENERAL] SHA1 on postgres 8.3
List pgsql-hackers
Tom Lane wrote:
> "Greg Sabino Mullane" <greg@turnstep.com> writes:
> > I don't agree that we should just close discussion. Nobody seems
> > happy with the status quo, which is that we provide md5 but not
> > sha1,
> 
> There may be a few people who are unhappy, but the above claim seems
> vastly overblown.  md5 is sufficient for the purpose it is intended
> for in core postgres (namely, obscuring the true source text of
> passwords), and if you have needs much beyond that you'll soon be
> installing pgcrypto anyway.

I think that claim is completely incorrect.

A lot of people use the md5() function in PostgreSQL today to hash
the passwords for the users of whatever webbapp they are running. It
only uses one account to connect to PostgreSQL and handles the rest of
the auth elsewhere in the app. These users would like to have sha1
(and/or other securer hashes). And they would like it in -core, because
their hosting company don't install the contrib modules.

//Magnus


pgsql-hackers by date:

Previous
From: Magnus Hagander
Date:
Subject: Re: bug in float8in()
Next
From: Magnus Hagander
Date:
Subject: Re: [GENERAL] SHA1 on postgres 8.3