Thread: SHA-1 vs MD5

SHA-1 vs MD5

From
"Ezequias Rodrigues da Rocha"
Date:
Hi list,

I know that there is a md5 internal function on postgresql, but I noticed that it isn't the more secure today. I would like to know if there is a SHA-1 function implemented yet or, if not, if the team has plan to introduce it on PostgreSQL.

Regards ...

-- 
Ezequias Rodrigues da Rocha
http://ezequiasrocha.blogspot.com/
use Mozilla Firefox: http://br.mozdev.org/firefox/

Re: SHA-1 vs MD5

From
Andrew Sullivan
Date:
On Wed, Mar 07, 2007 at 05:04:18PM -0300, Ezequias Rodrigues da Rocha wrote:
> Hi list,
> 
> I know that there is a md5 internal function on postgresql, but I noticed
> that it isn't the more secure today. I would like to know if there is a
> SHA-1 function implemented yet or, if not, if the team has plan to introduce
> it on PostgreSQL.

What is the problem you're trying to solve?  Md5 is probably good
enough for many cases, but for long-term use, you're right that sha-1
is what you need.  Actually, you need sha-256, quite frankly.

a

-- 
Andrew Sullivan  | ajs@crankycanuck.ca
I remember when computers were frustrating because they *did* exactly what 
you told them to.  That actually seems sort of quaint now.    --J.D. Baldwin


Re: SHA-1 vs MD5

From
"Andrej Ricnik-Bay"
Date:
On 3/8/07, Andrew Sullivan <ajs@crankycanuck.ca> wrote:
> What is the problem you're trying to solve?  Md5 is probably good
> enough for many cases, but for long-term use, you're right that sha-1
> is what you need.  Actually, you need sha-256, quite frankly.
Looking at his last mail he's after a password hash.

To the OP:
Currently there's no support in pg for sha algorithms, but you
could always implement those in your application and store
the hash in pg that way.



Cheers,
Andrej


Re: SHA-1 vs MD5

From
"Chad Wagner"
Date:
On 3/7/07, Ezequias Rodrigues da Rocha <ezequias.rocha@gmail.com> wrote:
> I know that there is a md5 internal function on postgresql, but I noticed that it isn't the more secure today. I would like to know if there is a SHA-1 function implemented yet or, if not, if the team has plan to introduce it on PostgreSQL.

You are probably looking for the pgcrypto contribution, look in the contrib directory for it.

test=# select encode(digest('blahblah', 'sha256'), 'hex');
                              encode                             
------------------------------------------------------------------
 40b1bbb5445fc021a312315379f4633284851e14d1db83fb0730f58872d6033b
(1 row)




--
Chad
http://www.postgresqlforums.com/

Re: SHA-1 vs MD5

From
"Ezequias Rodrigues da Rocha"
Date:
I really don't have the pgcrypto. It could be a nice alternative. Could you tell me the steps to install it?

I am very concerned about security in my application because we are going to move a large amount of information and money. As much I take care of it as good.

I know some problems of MD5 and know it is very good too. If someone could tell me where MD5 is used I could be more relaxed.

My best regards to all


--
Ezequias Rodrigues da Rocha
http://ezequiasrocha.blogspot.com/
use Mozilla Firefox: http://br.mozdev.org/firefox/


Re: SHA-1 vs MD5

From
"Chad Wagner"
Date:
On 3/8/07, Ezequias Rodrigues da Rocha <ezequias.rocha@gmail.com> wrote:
> I really don't have the pgcrypto. It could be a nice alternative. Could you tell me the steps to install it?
>
> I am very concerned about security in my application because we are going to move a large amount of information and money. As much I take care of it as good.

SHA1 and MD5 are hashing algorithms, they are typically used for passwords and in conjunction with public key encryption or over-the-wire encryption to sign the message.  If you are really concerned about security, you may want to hire an experienced person in the security engineering field.  Especially if you are talking about financial information.
 

> I know some problems of MD5 and know it is very good too. If someone could tell me where MD5 is used I could be more relaxed.


The impression I get is that SHA-256, SHA-384, or SHA-512 are the preferred hashing algorithms, but I really don't keep up on it.  Many many password systems use MD5, I think it is reasonably safe.

Re: SHA-1 vs MD5

From
"Ezequias Rodrigues da Rocha"
Date:
Thank you so much for your information. I installed the pgCrypto. Now I have more than 40 functions (I believe all are from pgcrypto) but when I try to run your query:

select encode(digest('blahblah', 'sha256'), 'hex');

I got the error:

ERROR: Cannot use "sha256": No such hash algorithm
SQL state: 22023


Any suggestions?

Ezequias



--
Ezequias Rodrigues da Rocha
http://ezequiasrocha.blogspot.com/
use Mozilla Firefox: http://br.mozdev.org/firefox/

Re: SHA-1 vs MD5

From
"Chad Wagner"
Date:
On 3/9/07, Ezequias Rodrigues da Rocha <ezequias.rocha@gmail.com> wrote:
> Thank you so much for your information. I installed the pgCrypto. Now I have more than 40 functions (I believe all are from pgcrypto) but when I try to run your query:
>
> select encode(digest('blahblah', 'sha256'), 'hex');
>
> I got the error:
>
> ERROR: Cannot use "sha256": No such hash algorithm
> SQL state: 22023


It may not be available in your version of the database/pgcrypto module, my test was performed on 8.2.3.

Re: SHA-1 vs MD5

From
"Ezequias Rodrigues da Rocha"
Date:
You are correct. My pg (8.1.3)

Now what do I do to remove it?

Just delete the functions?

Ezequias


--
Ezequias Rodrigues da Rocha
http://ezequiasrocha.blogspot.com/
use Mozilla Firefox: http://br.mozdev.org/firefox/

Re: SHA-1 vs MD5

From
"Chad Wagner"
Date:
On 3/9/07, Ezequias Rodrigues da Rocha <ezequias.rocha@gmail.com> wrote:
> You are correct. My pg (8.1.3)
>
> Now what do I do to remove it?
>
> Just delete the functions?

There is usually an uninstall_pgcrypto.sql script you can run against the database.  But 8.1 probably supports at least sha1, or you can consider upgrading to 8.2.

Re: SHA-1 vs MD5

From
"Ezequias Rodrigues da Rocha"
Date:
You are correct, SHA1 is supported. So I get the output size from 128 to 160, OK?

I saw at Wikipedia.

What does "With flaws" collisions mean? Does it mean some? In MD5 they put only "yes".

Regards
Ezequias


--
Ezequias Rodrigues da Rocha
http://ezequiasrocha.blogspot.com/
use Mozilla Firefox: http://br.mozdev.org/firefox/
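
Added example, not part of the original thread: with pgcrypto installed, these queries show the digest sizes asked about in the last message and, for the password-hash use case raised earlier, a salted hash built with pgcrypto's crypt() and gen_salt(), two functions the thread itself does not mention. The table app_user, its columns and all values are hypothetical.

```sql
-- Assumes the pgcrypto functions are already installed in this database.
-- app_user, login and pw_hash are hypothetical names; all values are constructed.

-- 1. Digest sizes. digest() returns bytea, so length() counts bytes:
--    md5 is 128 bits (16 bytes), sha1 is 160 bits (20 bytes).
SELECT length(digest('blahblah', 'md5'))  AS md5_bytes,
       length(digest('blahblah', 'sha1')) AS sha1_bytes;

-- 2. A bare digest has no salt: every user with the same password gets the
--    same stored value, so one precomputed table covers all rows at once.
--    For stored passwords, crypt() with a per-row random salt avoids that.
CREATE TABLE app_user (
    login   text PRIMARY KEY,
    pw_hash text NOT NULL
);

-- gen_salt('bf', 8) creates a random Blowfish-crypt salt with cost factor 8.
-- Separate INSERTs are used so the script also runs on 8.1.
INSERT INTO app_user (login, pw_hash)
VALUES ('alice', crypt('secret', gen_salt('bf', 8)));
INSERT INTO app_user (login, pw_hash)
VALUES ('bob', crypt('secret', gen_salt('bf', 8)));

-- Same password for both users, but the stored values differ because
-- each row carries its own salt.
SELECT login, pw_hash FROM app_user ORDER BY login;

-- 3. Verification. The stored hash embeds algorithm, cost and salt, so it is
--    passed back as the second argument; a matching password reproduces it.
SELECT login
FROM app_user
WHERE login = 'alice'
  AND pw_hash = crypt('secret', pw_hash);

-- A wrong password produces a different hash, so no row comes back.
SELECT login
FROM app_user
WHERE login = 'alice'
  AND pw_hash = crypt('wrong guess', pw_hash);
```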