On Wed, Aug 10, 2011 at 7:06 PM, Peter Eisentraut <peter_e@gmx.net> wrote:
> I would like to see whether there is support for adding sha1 and sha2
> functions into the core. These are obviously well-known and widely used
> functions, but currently the only way to get them is either through
> pgcrypto or one of the PLs. We could say that's OK, but then we do
> support md5 in core, which then encourages people to use that, when they
> really shouldn't use that for new applications.
Slightly different, but related - I've seen complaints that we only
use md5 for password storage/transmission, which is apparently not
acceptable under some government security standards. In the most
recent case, they wanted to be able to use sha256 for password storage
(transmission isn't really an issue where SSL can be used of course).
If we're ready to move more hashing functions into core, then it seems
reasonable to add more options for password storage to help those who
need to meet mandated standards.
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
