Visa CISP PCI compliance needs SHA1? - Mailing list pgsql-hackers

From Matthew Wetmore
Subject Visa CISP PCI compliance needs SHA1?
Date
Msg-id 47F3C7D5.4060409@secomintl.com
Whole thread Raw
List pgsql-hackers
Not sure if I posted in correct spot....
But seems to be topic of today...funny on same day I hear from Visa.

pg_8.2.6
Centos5
Windows based app.
encryped pwd = yes
SSL = yes,
hostssl, with explicit IP w/md5,. (no pg_crypto)

This is just with client / server pwd auth

We are in process of VISA CISP PCI compliance for our application.
(online cc auth - no stored cc data)
[next phase will include stored cc data]

We just heard back today that they would like to use SHA1 NOT md5 for
pwd auth.

does anyone have any doco that will support md5 vs. SHA1?
is PG_crypto in the db (meaning crypt the md5 hash )still the same as
md5 auth

We also have global customers so we understand the US v non-US export stuff.

Any direction is appreciated.

Thanks in advance.

/matthew wetmore
-- 

Matthew Wetmore
Secom International, Inc
9610 Bellanca, Ave.
Los Angeles, CA 90045
310-641-1290


This e-mail is intended for the addressee shown. It contains information
that is confidential and protected from disclosure. Any review,
dissemination or use of this transmission or its contents by persons or
unauthorized employees of the intended organisations is strictly
prohibited.
The contents of this email do not necessarily represent the views or
policies of Secom International Inc., or its employees.


pgsql-hackers by date:

Previous
From: Alvaro Herrera
Date:
Subject: Re: US VISA CISP PCI comp. needs SHA1
Next
From: Greg Smith
Date:
Subject: Patch queue -> wiki (was varadic patch)