David Fetter wrote:
I suggest that we start by putting secure hashing algorithms into the
core distribution so, should MD5 ever break, we have real
alternatives, and not done in a panic.



Doing that now would be quite premature. Which algorithm would we choose?

And there is no urgency at all about it, since AIUI an attack on our use of it would require a preimage attack:

   At the time of this writing, there are no practical preimage
   attacks, meaning that if your use of hashes is only susceptible to
   preimage attacks, even MD5 is just fine because at attacker would
   have to make 2^128 guesses, which will be infeasable for many
   decades (if ever). (quoted from  <http://www.vpnc.org/hash.html>)


The time for us to look at this again is more properly when the NIST SHA-3 competition ends, I believe. That's at least a couple of years away. See <http://csrc.nist.gov/groups/ST/hash/timeline.html>

As for the suggestion that we should put other crypto functions into the core, AIUI the reason not to is not to avoid problems with US Export Regulations (after all, we've shipped source tarballs with it for many years, including from US repositories), but to make it easier to use Postgres in places where use of crypto is illegal. What benefit would we gain from making general crypto part of the core?

cheers

andrew

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Reply via email to