"Greg Sabino Mullane" <greg@turnstep.com> writes:
> I don't agree that we should just close discussion. Nobody seems happy
> with the status quo, which is that we provide md5 but not sha1,
There may be a few people who are unhappy, but the above claim seems
vastly overblown. md5 is sufficient for the purpose it is intended
for in core postgres (namely, obscuring the true source text of
passwords), and if you have needs much beyond that you'll soon be
installing pgcrypto anyway.
regards, tom lane