Thread: crypt and MD5 - still not wanted

crypt and MD5 - still not wanted

From

Karel Zak

Date:

07 July 2000, 16:41:19


Befor one year ago, I ask if MD5 (free code from Debian) and DES crypt()
is possible include to PG. 
Knows anyone if is possible include it to PG now?

For example GNU Debian distribute MD5 and crypt() in free software section 
without some restriction.

BTW --- If I good keep track situation on this branch, USA some time ago        change some restriction for this
matter.Or not?
 
                    Karel

Re: crypt and MD5 - still not wanted

From

Tom Lane

Date:

07 July 2000, 17:23:52

If I recall the prior discussion, MD5 is OK, crypt is still risky,
because MD5 is not an encryption algorithm so it doesn't fall under
the US export laws.

I believe Vince V. is working on improving the password challenge
code to use MD5, btw.
        regards, tom lane

Re: crypt and MD5 - still not wanted

From

Vince Vielhaber

Date:

07 July 2000, 17:26:39

On Fri, 7 Jul 2000, Tom Lane wrote:

> If I recall the prior discussion, MD5 is OK, crypt is still risky,
> because MD5 is not an encryption algorithm so it doesn't fall under
> the US export laws.
> 
> I believe Vince V. is working on improving the password challenge
> code to use MD5, btw.

yep.

Vince.
-- 
==========================================================================
Vince Vielhaber -- KA8CSH    email: vev@michvhf.com    http://www.pop4.net128K ISDN from $22.00/mo - 56K Dialup from
$16.00/moat Pop4 Networking       Online Campground Directory    http://www.camping-usa.com      Online Giftshop
Superstore   http://www.cloudninegifts.com
 
==========================================================================

Re: crypt and MD5 - still not wanted

From

Karel Zak

Date:

08 July 2000, 07:21:34

On Fri, 7 Jul 2000, Tom Lane wrote:

> If I recall the prior discussion, MD5 is OK, crypt is still risky,
> because MD5 is not an encryption algorithm so it doesn't fall under
> the US export laws.
> 
> I believe Vince V. is working on improving the password challenge
> code to use MD5, btw.
Not only passwords, but standard SQL functions a my drean is aggregate
function md5count() too. Cool --- that is  MD5 OK.

            Karel

Re: crypt and MD5 - still not wanted

From

Peter Eisentraut

Date:

08 July 2000, 13:26:33

Vince Vielhaber writes:

> On Fri, 7 Jul 2000, Tom Lane wrote:
> 
> > If I recall the prior discussion, MD5 is OK, crypt is still risky,
> > because MD5 is not an encryption algorithm so it doesn't fall under
> > the US export laws.
> > 
> > I believe Vince V. is working on improving the password challenge
> > code to use MD5, btw.
> 
> yep.

If you do that, maybe also look at the secondary password files. We
probably don't want those using a different encryption method.


(backward compatibility alarm goes off in the distance...)


-- 
Peter Eisentraut                  Sernanders väg 10:115
peter_e@gmx.net                   75262 Uppsala
http://yi.org/peter-e/            Sweden

Re: crypt and MD5 - still not wanted

From

Vince Vielhaber

Date:

08 July 2000, 13:50:22

On Sat, 8 Jul 2000, Peter Eisentraut wrote:

> Vince Vielhaber writes:
> 
> > On Fri, 7 Jul 2000, Tom Lane wrote:
> > 
> > > If I recall the prior discussion, MD5 is OK, crypt is still risky,
> > > because MD5 is not an encryption algorithm so it doesn't fall under
> > > the US export laws.
> > > 
> > > I believe Vince V. is working on improving the password challenge
> > > code to use MD5, btw.
> > 
> > yep.
> 
> If you do that, maybe also look at the secondary password files. We
> probably don't want those using a different encryption method.
> 
> 
> (backward compatibility alarm goes off in the distance...)

Already thinking about that.

Vince.
-- 
==========================================================================
Vince Vielhaber -- KA8CSH    email: vev@michvhf.com    http://www.pop4.net128K ISDN from $22.00/mo - 56K Dialup from
$16.00/moat Pop4 Networking       Online Campground Directory    http://www.camping-usa.com      Online Giftshop
Superstore   http://www.cloudninegifts.com
 
==========================================================================

Re: crypt and MD5 - still not wanted

From

Tom Lane

Date:

08 July 2000, 14:45:02

Karel Zak <zakkr@zf.jcu.cz> writes:
>  Not only passwords, but standard SQL functions a my drean is aggregate
> function md5count() too. Cool --- that is  MD5 OK.

Er ... what?  What would an "aggregate function md5count()" do?

Bear in mind that an aggregate function is useless if its result
depends on the order of its inputs ...
        regards, tom lane

Re: crypt and MD5 - still not wanted

From

Karel Zak

Date:

09 July 2000, 08:58:11

> Karel Zak <zakkr@zf.jcu.cz> writes:
> >  Not only passwords, but standard SQL functions a my drean is aggregate
> > function md5count() too. Cool --- that is  MD5 OK.
> 
> Er ... what?  What would an "aggregate function md5count()" do?
Count md5 sum from defined rows.

> Bear in mind that an aggregate function is useless if its result
> depends on the order of its inputs ...
Hmm, order is a problem in this idea (I not think of this) :-(
But, I mean that it is not total idiotism, make it is a differend 
thing...
Well, I take back it.                     Karel