* Tom Lane: >> MD5 is broken in the sense that you can create two or more meaningful >> documents with the same hash. > > Note that this isn't actually very interesting for the purpose for > which the md5() function was put into core: namely, hashing passwords > before they are stored in pg_authid.
No doubt about that. But there are checklists out there, and if you use MD5 at some point, you need to go to some lengths to explain that it's okay. That's why I can understand the desire to have sha1 easily available (even though SHA-1 isn't much better, really, and the difference doesn't actually matter for many application). It's a bit like justifying that you don't need a virus scanner on your non-Windows server or database server. 8-P BTW, I'd like to see MD5/SHA-1 for BYTEA, not just TEXT, and with a BYTEA return value. Does pgcrypto provide that? -- Florian Weimer <[EMAIL PROTECTED]> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99 ---------------------------(end of broadcast)--------------------------- TIP 5: don't forget to increase your free space map settings