On Tue, Nov 19, 2019 at 8:49 AM Andrew Dunstan <andrew.duns...@2ndquadrant.com> wrote: > I admit I haven't been following along closely, but why do we need a > cryptographic checksum here instead of, say, a CRC? Do we think that > somehow the checksum might be forged? Use of cryptographic hashes as > general purpose checksums has become far too common IMNSHO.
I tend to agree with you. I suspect if we just use CRC, some people are going to complain that they want something "stronger" because that will make them feel better about error detection rates or obscure threat models or whatever other things a SHA-based approach might be able to catch that CRC would not catch. However, I suspect that for normal use cases, CRC would be totally adequate, and the fact that the performance overhead is almost none vs. a whole lot - at least in this test setup, other results might vary depending on what you test - makes it look pretty appealing. My gut reaction is to make CRC the default, but have an option that you can use to either turn it off entirely (if even 1-2% is too much for you) or opt in to SHA-something if you want it. I don't think we should offer an option for MD5, because MD5 is a dirty word these days and will cause problems for users who have to worry about FIPS 140-2 compliance. Phrased more positively, if you want a cryptographic hash at all, you should probably use one that isn't widely viewed as too weak. Thoughts? -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company