Re: sha1, sha2 functions into core? - Mailing list pgsql-hackers

From Tom Lane
Subject Re: sha1, sha2 functions into core?
Date
Msg-id 2415.1345038523@sss.pgh.pa.us
Whole thread Raw
In response to Re: sha1, sha2 functions into core?  (Marko Kreen <markokr@gmail.com>)
Responses Re: sha1, sha2 functions into core?
Re: sha1, sha2 functions into core?
Re: sha1, sha2 functions into core?
List pgsql-hackers
Marko Kreen <markokr@gmail.com> writes:
> On Wed, Aug 15, 2012 at 6:11 AM, Bruce Momjian <bruce@momjian.us> wrote:
>> Is there a TODO here?

> There is still open ToDecide here: [snip]

The argument against moving crypto code into core remains the same as it
was, ie export regulations.  I don't see that that situation has changed
at all.  Thus, I think we should leave all the pgcrypto code where it
is, in an extension that's easily separated out by anybody who's
concerned about legal restrictions.  The recent improvements in the ease
of installing extensions have made it even less interesting than it used
to be to merge extension-supported code into core --- if anything, we
ought to be trying to move functionality the other way.

If anybody's concerned about the security of our password storage,
they'd be much better off working on improving the length and randomness
of the salt string than replacing the md5 hash per se.
        regards, tom lane



pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: [COMMITTERS] pgsql: Revert "commit_delay" change; just add comment that we don't hav
Next
From: Tom Lane
Date:
Subject: Re: Don't allow relative path for copy from file