sanjay sharma wrote:
Hi Tom,
md5 is not being recommended anywhere because it contains hash
collisions. Therefore either it should be replaced with SHA1 or any
other good hash algorithm or taken out of core completely. md5 in core
is worthless now. I am not using it in my application. I am using SHA1
in client/web tier for password hashing.
Would replacing md5 with SHA1 in core involve much work?
sanjay - please do not top-answer, especially when others have put their
answers below.
MD5 is not broken for purposes that would require a pre-image attack,
AIUI. That means there is a whole series of uses for which it is still
quite OK, including password hashing.
That said, there might well be a reason for including a
collision-resistant hash function in core without including the whole of
pg_crypto.
cheers
andrew