On 8/15/12 6:48 AM, Tom Lane wrote:
> The argument against moving crypto code into core remains the same as it
> was, ie export regulations. I don't see that that situation has changed
> at all.
Actually, I believe that it has, based on my experience getting an
export certificate for Sun Postgres back in 2008.
The US Federal government lifted restrictions on shipping well-known
cryptographic algorithms to most countries several years ago, except to
specific countries with embargoes (Iran, Burma, etc.). However, *all*
exports of software to those embargoed countries are restricted,
cryptographic or not.
The USA does require an export certificate for any
cryptographic-supporting software which is shipped from the USA. For
that, however, MD5 and our support for SSL authentication already
requires a certificate, whether we include SHA or not. So, my personal
non-lawyer experience is that including SHA in core or not would make no
difference whatsoever to our export status.
The above is all secondhand legal knowledge, so if it really matters to
our decisions on what algorithms we include in Core, we should ask SFLC
for a real opinion. We certainly shouldn't make one based on assumptions.
I think it's more significant, though, that nobody has been able to
demonstrate that SHA hashing of passwords actually makes Postgres more
secure.
--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com