There isn't enough agreement to move some things from pgcrypto to the
core so this thread is being removed from the patch queue.

---------------------------------------------------------------------------

Bruce Momjian wrote:
>
> I am not thrilled about moving _some_ of pgcrypto into the backend ---
> pgcrypto right now seems well designed and if we pull part of it out it
> seems it will be less clear than what we have now. Perhaps we just need
> to document that md5() isn't for general use and some function in
> pgcrypto should be used instead?
>
> ---------------------------------------------------------------------------
>
> Marko Kreen wrote:
> > On 1/21/08, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> > > > MD5 is broken in the sense that you can create two or more meaningful
> > > > documents with the same hash.
> > >
> > > Note that this isn't actually very interesting for the purpose for
> > > which the md5() function was put into core: namely, hashing passwords
> > > before they are stored in pg_authid.
> >
> > Note: this was bad idea. The function that should have been
> > added to core would be pg_password_hash(username, password).
> >
> > Adding md5() lessens incentive to install pgcrypto or push/accept
> > digest() into core and gives impression there will be sha1(), etc
> > in the future.
> >
> > Now users who want to store passwords in database (the most
> > popular usage) will probably go with md5() without bothering
> > with pgcrypto. They probably see "Postgres itself uses MD5 too",
> > without realizing their situation is totally different from
> > pg_authid one.
> >
> > It's like we have solution that is ACID-compliant 99% of the time in core,
> > so why bother with 100% one.
> >
> > --
> > marko
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 4: Have you searched our list archives?
> >
> > http://archives.postgresql.org
>
> --
> Bruce Momjian <bruce@momjian.us> http://momjian.us
> EnterpriseDB http://postgres.enterprisedb.com
>
> + If your life is a hard drive, Christ can be your backup. +
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: don't forget to increase your free space map settings

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160


> There isn't enough agreement to move some things from pgcrypto
> to the core so this thread is being removed from the patch queue.

I don't agree that we should just close discussion. Nobody seems happy
with the status quo, which is that we provide md5 but not sha1, and
are thus encouraging people to use md5 everywhere. At the very least,
I think we need to add sha1. Adding sha* would be better, and adding
other hashes would be better still (and make PG a better product, in
my opinion: having things builtin vs. contrib is a huge distinction).

I'd also like to emphasize that this is not a pgcrypto issue: while
it provides the same functionality that this proposal does, so does
creating a Pl/Perl function, which is the route I usually go, as it
is much easier and portable. So I see this as adding missing features
to core. We will obviously never replace pgcrypto entirely, due to the
silly state of encryption legislation.

- --
Greg Sabino Mullane greg@turnstep.com
End Point Corporation
PGP Key: 0x14964AC8 200804020906
http://biglumber.com/x/web?pk=2529DF...9B906714964AC8
-----BEGIN PGP SIGNATURE-----

iEYEAREDAAYFAkfzhMQACgkQvJuQZxSWSsiTCwCgvauRh/hqOK0BEMEPoKXhzCf5
+GkAn0ma+cZy3fas1Y/uQ0Zf8WAqfLo8
=tTlK
-----END PGP SIGNATURE-----



--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

"Greg Sabino Mullane" <greg@turnstep.com> writes:
> I don't agree that we should just close discussion. Nobody seems happy
> with the status quo, which is that we provide md5 but not sha1,

There may be a few people who are unhappy, but the above claim seems
vastly overblown. md5 is sufficient for the purpose it is intended
for in core postgres (namely, obscuring the true source text of
passwords), and if you have needs much beyond that you'll soon be
installing pgcrypto anyway.

regards, tom lane

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

On Wed, Apr 02, 2008 at 01:07:01PM -0000, Greg Sabino Mullane wrote:
>
> > There isn't enough agreement to move some things from pgcrypto to
> > the core so this thread is being removed from the patch queue.
>
> I don't agree that we should just close discussion. Nobody seems
> happy with the status quo, which is that we provide md5 but not
> sha1, and are thus encouraging people to use md5 everywhere. At the
> very least, I think we need to add sha1. Adding sha* would be
> better, and adding other hashes would be better still (and make PG a
> better product, in my opinion: having things builtin vs. contrib is
> a huge distinction).
>
> I'd also like to emphasize that this is not a pgcrypto issue: while
> it provides the same functionality that this proposal does, so does
> creating a Pl/Perl function, which is the route I usually go, as it
> is much easier and portable. So I see this as adding missing
> features to core. We will obviously never replace pgcrypto entirely,
> due to the silly state of encryption legislation.

Just exactly which encryption legislation are we talking about here?

I know there was some fuss about this issue back in the early 1990s,
but that was many, many law changes and court cases ago, world-wide.
It's far from clear to me that there's any reason other than inertia
not to roll the crypto stuff into the core functionality and have
done.

Cheers,
David.
--
David Fetter <david@fetter.org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david.fetter@gmail.com

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

David Fetter <david@fetter.org> writes:
> Just exactly which encryption legislation are we talking about here?

> I know there was some fuss about this issue back in the early 1990s,
> but that was many, many law changes and court cases ago, world-wide.
> It's far from clear to me that there's any reason other than inertia
> not to roll the crypto stuff into the core functionality and have
> done.

This seems a very USA-centric view of the problem. It's true that
the US export regulations no longer pose much of an issue for us
(but who's to say they might not become tighter again in future?);
the problem is there are lots of places where the laws are still
strict.

regards, tom lane

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

On Wed, Apr 02, 2008 at 12:27:15PM -0400, Tom Lane wrote:
> David Fetter <david@fetter.org> writes:
> > Just exactly which encryption legislation are we talking about
> > here?
>
> > I know there was some fuss about this issue back in the early
> > 1990s, but that was many, many law changes and court cases ago,
> > world-wide. It's far from clear to me that there's any reason
> > other than inertia not to roll the crypto stuff into the core
> > functionality and have done.
>
> This seems a very USA-centric view of the problem. It's true that
> the US export regulations no longer pose much of an issue for us
> (but who's to say they might not become tighter again in future?);
> the problem is there are lots of places where the laws are still
> strict.

Which places, and what laws?

Re: compulsively attempting to comply with every law everywhere, let's
recall that a certain Search! engine company managed to get itself in
a morally pretty reprehensible spot by "following the laws" of an
oppressive regime. We needn't do the same.

Cheers,
David.
--
David Fetter <david@fetter.org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david.fetter@gmail.com

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Hi Tom,

md5 is not being recommended anywhere because it contains hash collision. Therefore either it should be replaced with SHA1 or any other good hash algorithm or taken out of core completely. md5 in core is worthless now.I am not using it in my application. I am using SHA1 in client/web tier for password hashing.

Would replacing md5 with SHA1 in core involve much work?

Sanjay Sharma> To: greg@turnstep.com> CC: pgsql-hackers@postgresql.org> Subject: Re: [HACKERS] [GENERAL] SHA1 on postgres 8.3 > Date: Wed, 2 Apr 2008 11:38:31 -0400> From: tgl@sss.pgh.pa.us> > "Greg Sabino Mullane" <greg@turnstep.com> writes:> > I don't agree that we should just close discussion. Nobody seems happy> > with the status quo, which is that we provide md5 but not sha1,> > There may be a few people who are unhappy, but the above claim seems> vastly overblown. md5 is sufficient for the purpose it is intended> for in core postgres (namely, obscuring the true source text of> passwords), and if you have needs much beyond that you'll soon be> installing pgcrypto anyway.> > regards, tom lane> > -- > Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)> To make changes to your subscription:> http://www.postgresql.org/mailpref/pgsql-hackers
__________________________________________________ _______________
Tried the new MSN Messenger? It’s cool! Download now.
http://messenger.msn.com/Download/De...aspx?mkt=en-in

David Fetter wrote:
> On Wed, Apr 02, 2008 at 12:27:15PM -0400, Tom Lane wrote:
>
>> David Fetter <david@fetter.org> writes:
>>
>>> Just exactly which encryption legislation are we talking about
>>> here?
>>>
>>> I know there was some fuss about this issue back in the early
>>> 1990s, but that was many, many law changes and court cases ago,
>>> world-wide. It's far from clear to me that there's any reason
>>> other than inertia not to roll the crypto stuff into the core
>>> functionality and have done.
>>>
>> This seems a very USA-centric view of the problem. It's true that
>> the US export regulations no longer pose much of an issue for us
>> (but who's to say they might not become tighter again in future?);
>> the problem is there are lots of places where the laws are still
>> strict.
>>
>
> Which places, and what laws?
>
http://rechten.uvt.nl/koops/cryptolaw/cls-sum.htm

(Info only - I have not spent time considering the issue at hand thus,
counter to net tradition, offer no opinion.)

Cheers,
Steve


--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

David Fetter <david@fetter.org> writes:
> Re: compulsively attempting to comply with every law everywhere, let's
> recall that a certain Search! engine company managed to get itself in
> a morally pretty reprehensible spot by "following the laws" of an
> oppressive regime. We needn't do the same.

We aren't actually doing any such thing. We are just making sure that
our distribution is split up in such a way that if someone *else* needs
to comply with such a law, it's not impractical to do so.

regards, tom lane

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

On Wed, Apr 02, 2008 at 12:49:38PM -0400, Tom Lane wrote:
> David Fetter <david@fetter.org> writes:
> > Re: compulsively attempting to comply with every law everywhere,
> > let's recall that a certain Search! engine company managed to get
> > itself in a morally pretty reprehensible spot by "following the
> > laws" of an oppressive regime. We needn't do the same.
>
> We aren't actually doing any such thing. We are just making sure
> that our distribution is split up in such a way that if someone
> *else* needs to comply with such a law, it's not impractical to do
> so.

That cat is already out of the bag with every Linux distribution.
There's just no point in our going three sides around the square in
order to have someone, somewhere claim that our tarball isn't
violating their law.

Cheers,
David.
--
David Fetter <david@fetter.org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david.fetter@gmail.com

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers