There isn't enough agreement to move some things from pgcrypto to the core so this thread is being removed from the patch queue.
---------------------------------------------------------------------------

Bruce Momjian wrote:
>
> I am not thrilled about moving _some_ of pgcrypto into the backend ---
> pgcrypto right now seems well designed and if we pull part of it out it
> seems it will be less clear than what we have now.  Perhaps we just need
> to document that md5() isn't for general use and some function in
> pgcrypto should be used instead?
>
> ---------------------------------------------------------------------------
>
> Marko Kreen wrote:
> > On 1/21/08, Tom Lane <[EMAIL PROTECTED]> wrote:
> > > > MD5 is broken in the sense that you can create two or more meaningful
> > > > documents with the same hash.
> > >
> > > Note that this isn't actually very interesting for the purpose for
> > > which the md5() function was put into core: namely, hashing passwords
> > > before they are stored in pg_authid.
> >
> > Note: this was a bad idea.  The function that should have been
> > added to core would be pg_password_hash(username, password).
> >
> > Adding md5() lessens the incentive to install pgcrypto or push/accept
> > digest() into core and gives the impression there will be sha1(), etc.
> > in the future.
> >
> > Now users who want to store passwords in the database (the most
> > popular usage) will probably go with md5() without bothering
> > with pgcrypto.  They probably see "Postgres itself uses MD5 too",
> > without realizing their situation is totally different from
> > the pg_authid one.
> >
> > It's like we have a solution that is ACID-compliant 99% of the time in core,
> > so why bother with the 100% one.
> >
> > --
> > marko
>
> --
>   Bruce Momjian  <[EMAIL PROTECTED]>        http://momjian.us
>   EnterpriseDB                             http://postgres.enterprisedb.com
>
>   + If your life is a hard drive, Christ can be your backup. +

--
  Bruce Momjian  <[EMAIL PROTECTED]>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com
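
The difference between application password storage and the pg_authid case raised in the quoted mail, as an added SQL example that is not part of the original thread or of PostgreSQL's source: the same password is stored for two users as bare md5(), in the 'md5' || md5(password || username) form used for pg_authid, and with pgcrypto's crypt(). The app_users table, its columns and the sample rows are constructed for illustration.

```sql
-- Requires the pgcrypto extension for crypt() and gen_salt().
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- Hypothetical application table; names and rows are constructed sample data.
CREATE TEMP TABLE app_users (
    username   text PRIMARY KEY,
    md5_plain  text,  -- md5(password): no salt at all
    md5_authid text,  -- pg_authid-style: user name acts as the salt
    pw_crypt   text   -- pgcrypto: random per-row salt, adjustable work factor
);

-- Two users who happen to choose the same password.
INSERT INTO app_users
SELECT u,
       md5(p),
       'md5' || md5(p || u),
       crypt(p, gen_salt('bf', 8))
FROM (VALUES ('alice', 'correct horse'),
             ('bob',   'correct horse')) AS v(u, p);

-- For each storage scheme, check whether the stored values of the two users
-- coincide, i.e. whether a reader of the table learns that the passwords match.
SELECT a.md5_plain  = b.md5_plain  AS plain_values_equal,
       a.md5_authid = b.md5_authid AS authid_values_equal,
       a.pw_crypt   = b.pw_crypt   AS crypt_values_equal
FROM app_users a
JOIN app_users b ON a.username = 'alice' AND b.username = 'bob';

-- Login check with crypt(): the stored value carries its own salt and cost,
-- so it is passed back in as the second argument and the results compared.
SELECT username,
       pw_crypt = crypt('correct horse', pw_crypt) AS password_ok
FROM app_users
ORDER BY username;
```

Only the unsalted md5() column comes out identical for both users, which is also what makes it a direct lookup against precomputed hash lists; the user-name salt and the crypt() salt each break that equality, and only crypt() adds a tunable cost per guess.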