Home > mailing lists

Re: [GENERAL] SHA1 on postgres 8.3 - Mailing list pgsql-hackers

From	Heikki Linnakangas
Subject	Re: [GENERAL] SHA1 on postgres 8.3
Date	April 3, 2008 21:12:24
Msg-id	47F5482B.7000400@enterprisedb.com Whole thread Raw
In response to	Re: [GENERAL] SHA1 on postgres 8.3 (Mark Mielke <mark@mark.mielke.cc>)
Responses	Re: [GENERAL] SHA1 on postgres 8.3
List	pgsql-hackers

Tree view

Mark Mielke wrote:
> In any case, this is all irrelevant, because md5 passwords are still 
> very useful, and the argument that "more = better" is a never ending 
> infinite resource trap. More is not better. Better is better. If you can 
> prove md5 is insufficient for PostgreSQL passwords, the correct decision 
> would be to switch to something better, and deprecate md5 from the core.

Agreed.

One must also remember that if you use two hashes, if *either* one of 
them is broken in the future so that you can reconstruct the password 
from the hash, you're screwed.

--   Heikki Linnakangas  EnterpriseDB   http://www.enterprisedb.com

pgsql-hackers by date:

From: Alvaro Herrera
Date: 03 April 2008, 20:51:44
Subject: Re: psql \G command -- send query and output using extended format

From: "Nikolay Samokhvalov"
Date: 03 April 2008, 21:20:06
Subject: Row estimation for "var <> const" and for "NOT (...)" queries

Re: [GENERAL] SHA1 on postgres 8.3 - Mailing list pgsql-hackers

Previous

Next