Hi Tom,<br /> <br /> md5 is not being recommended anywhere because it contains hash collision. Therefore either it
shouldbe replaced with SHA1 or any other good hash algorithm or taken out of core completely. md5 in core is worthless
now.Iam not using it in my application. I am using SHA1 in client/web tier for password hashing. <br /> <br /> Would
replacingmd5 with SHA1 in core involve much work?<br /> <br /> Sanjay Sharma<br /><br />> To: greg@turnstep.com<br
/>>CC: pgsql-hackers@postgresql.org<br />> Subject: Re: [HACKERS] [GENERAL] SHA1 on postgres 8.3 <br />> Date:
Wed,2 Apr 2008 11:38:31 -0400<br />> From: tgl@sss.pgh.pa.us<br />> <br />> "Greg Sabino Mullane"
<greg@turnstep.com>writes:<br />> > I don't agree that we should just close discussion. Nobody seems
happy<br/>> > with the status quo, which is that we provide md5 but not sha1,<br />> <br />> There may be a
fewpeople who are unhappy, but the above claim seems<br />> vastly overblown. md5 is sufficient for the purpose it
isintended<br />> for in core postgres (namely, obscuring the true source text of<br />> passwords), and if you
haveneeds much beyond that you'll soon be<br />> installing pgcrypto anyway.<br />> <br />> regards, tom
lane<br/>> <br />> -- <br />> Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)<br />> To
makechanges to your subscription:<br />> http://www.postgresql.org/mailpref/pgsql-hackers<br /><br /><br /><hr
/>WindowsLive Spaces : Help your online world come to life, add 500 photos a month. <a
href="http://home.services.spaces.live.com/"target="_new">Try it!</a>
