On Fri, Aug 12, 2011 at 10:14:58PM +0300, Marko Kreen wrote:
> On Thu, Aug 11, 2011 at 5:46 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> > Marko Kreen <markokr@gmail.com> writes:
> >> On Wed, Aug 10, 2011 at 9:19 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> >>> ... which this approach would create, because digest() isn't restricted
> >>> to just those algorithms. I think it'd be better to just invent two
> >>> new functions, which also avoids issues for applications that currently
> >>> expect the digest functions to be installed in pgcrypto's schema.
> >
> >> I would suggest digest() with fixed list of algorithms: md5, sha1, sha2.
> >
> >> The uncommon/obsolete algorithms that can be used
> >> from digest() if compiled with openssl, are not something we
> >> need to worry over. In fact we have never "supported" them,
> >> as no testing has been done.
> >
> > Hmm ... they may be untested by us, but I feel sure that if we remove
> > that functionality from pgcrypto, *somebody* is gonna complain.
>
> If you dont want to break digest() but do not want such behaviour in core,
> we could go with hash(data, algo) that has fixed number of digests,
> but also couple non-cryptographic hashes like crc32, lookup2/3.
> This would also fix the problem of people using hashtext() in user code.
Hmm, this thread seems to have petered out without a conclusion. Just
wanted to comment that there _are_ non-password storage uses for these
digests: I use them in a context of storing large files in a bytea
column, as a means to doing data deduplication, and avoiding pushing
files from clients to server and back.
Ross
--
Ross Reedstrom, Ph.D. reedstrm@rice.edu
Systems Engineer & Admin, Research Scientist phone: 713-348-6166
Connexions http://cnx.org fax: 713-348-3665
Rice University MS-375, Houston, TX 77005
GPG Key fingerprint = F023 82C8 9B0E 2CC6 0D8E F888 D3AE 810E 88F0 BEDE