Re: [GENERAL] SHA1 on postgres 8.3 - Mailing list pgsql-hackers

From Svenne Krap
Subject Re: [GENERAL] SHA1 on postgres 8.3
Date
Msg-id 47F50259.7060400@krap.dk
In response to Re: [GENERAL] SHA1 on postgres 8.3  (Mark Mielke <mark@mark.mielke.cc>)
Responses Re: [GENERAL] SHA1 on postgres 8.3  (Mark Mielke <mark@mark.mielke.cc>)
Re: [GENERAL] SHA1 on postgres 8.3  (Sam Mason <sam@samason.me.uk>)
List pgsql-hackers
Mark Mielke wrote:
> This presumes that better hashes truly exist. It is basic math to show 
> that all hashes will include collisions. Ignoring the possibility that 
> one hash has theoretical better distribution for real documents, the 
> real "benefit" of SHA-1 over MD5, is that it has more bits. The 
> "ultimate" solution here, is to store the original using the "full 
> copy" hash technique, with 0 chance of collision. This extreme defeats 
> the purpose of a hash to start with.
>
> Why does PostgreSQL need something better than md5 as part of core? 
> Bragging rights?
Having more than one hash algorithm significantly decreases the risk of 
(common) collisions.

As a non-developer (who does track most messages on the list anyways), I 
surely find the SHA* functions will add significant value and they 
should be easy to install (well-defined functions) with no maintenance 
afterwards.
Hashes are an absolute minimum for keeping passwords stored somewhat 
safely in a database.

More (two or even three) different hashes with different collision points 
will strongly increase the security.

