Martijn van Oosterhout wrote:
In summary: what would objections be to my writing a sha1() patch?
There wasn't any discussion about it last time. It does seem a bit
wierd to support one but not the other. It's also interesting to note
that the implementation in the backed is commented with:
I proposed md5 without sha1 because we already had md5 code in the
backend, and we did not have sha1 (and still don't). At the time I was
afraid that if I proposed sha1 as well it would become a debate and we
would have ended up with neither.
Personally I'm in favor of having sha1 and one or more of the newer
replacements in the backend. I'd also like to see HMAC built in. But I
think we need to be careful about running afoul of various export
regulations. Keeping the crypto stuff separate allows distributions to
leave the crypto out if they need to. Perhaps cryptographic hashes/HMAC
are not an issue though. Anyone know?
Joe
---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster
