Re: sha1, sha2 functions into core? - Mailing list pgsql-hackers

From Joe Conway
Subject Re: sha1, sha2 functions into core?
Date
Msg-id 502BBE9D.6060106@joeconway.com
In response to Re: sha1, sha2 functions into core?  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: sha1, sha2 functions into core?
Re: sha1, sha2 functions into core?
List pgsql-hackers
On 08/15/2012 06:48 AM, Tom Lane wrote:
>> On Wed, Aug 15, 2012 at 6:11 AM, Bruce Momjian <bruce@momjian.us> wrote:
>>> Is there a TODO here?
> 
> If anybody's concerned about the security of our password storage,
> they'd be much better off working on improving the length and randomness
> of the salt string than replacing the md5 hash per se.

Or change to an md5 HMAC rather than straight md5 with salt. Last I
checked (which admittedly was a while ago) there were still no known
cryptographic weaknesses associated with an HMAC based on md5.

Joe

-- 
Joe Conway
credativ LLC: http://www.credativ.us
Linux, PostgreSQL, and general Open Source
Training, Service, Consulting, & 24x7 Support
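
The two options raised in this message, a better salt and an HMAC instead of a plain salted hash, compared side by side in an added example that is not code from the thread or from PostgreSQL. The `md5` functions follow the layout of PostgreSQL's md5 authentication method; the HMAC construction (password as key, 16-byte random salt as message), the function names and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def pg_md5_verifier(password: str, username: str) -> str:
    # Stored form used by PostgreSQL's md5 method: the user name is the only
    # "salt", appended directly to the password before hashing.
    return "md5" + hashlib.md5((password + username).encode()).hexdigest()


def pg_md5_response(verifier: str, wire_salt: bytes) -> str:
    # Login response: md5 over the stored hex digest plus the server's
    # 4-byte random salt for this connection.
    return "md5" + hashlib.md5(verifier[3:].encode() + wire_salt).hexdigest()


def hmac_md5_verifier(password: str, salt: bytes) -> str:
    # Assumed construction: password as HMAC key, random salt as message.
    return hmac.new(password.encode(), salt, hashlib.md5).hexdigest()


def check_hmac_md5(password: str, salt: bytes, stored: str) -> bool:
    # Constant-time comparison of the recomputed verifier.
    return hmac.compare_digest(hmac_md5_verifier(password, salt), stored)


def demo() -> dict:
    # Constructed sample accounts; none of these values come from the thread.
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    return {
        # Same user name and password give the same verifier on every cluster.
        "md5_repeats": pg_md5_verifier("secret", "alice")
        == pg_md5_verifier("secret", "alice"),
        # Plain concatenation has no boundary between password and salt.
        "md5_boundary_clash": pg_md5_verifier("secret", "alice")
        == pg_md5_verifier("secretal", "ice"),
        # Independent random salts give unrelated HMAC verifiers.
        "hmac_repeats": hmac_md5_verifier("secret", salt_a)
        == hmac_md5_verifier("secret", salt_b),
        "hmac_checks": check_hmac_md5("secret", salt_a,
                                      hmac_md5_verifier("secret", salt_a)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```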


