On Wed, Jun 8, 2011 at 11:43 AM, Radosław Smogura <rsmog...@softperience.eu> wrote: > > You should actually only consider safty of storing of such passwords in > database. If with md5 the password isn't digested like in DIGEST HTTP auth, > and only md5 shortcut is transfferd it has no meaning if you will transfer > over network clear password or md5 password (ok has if you use same password > in at least two services both storing password with md5). On higher level > you may note that MD5 is little bit out-dated and it's not considered > secure, currently I think only SHA-256 is secure. > > If you suspect that someone on your network may sniff password use cert auth > or kerberos or one of it mutations.
While MD5 is considered broken for certain applications, it's still perfectly valid for auth purposes. -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
