Svenne Krap wrote:
> Mark Mielke wrote:
>> This presumes that better hashes truly exist. It is basic math to
>> show that all hashes will include collisions. Ignoring the
>> possibility that one hash has theoretical better distribution for
>> real documents, the real "benefit" of SHA-1 over MD5, is that it has
>> more bits. The "ultimate" solution here, is to store the original
>> using the "full copy" hash technique, with 0 chance of collision.
>> This extreme defeats the purpose of a hash to start with.
>> Why does PostgreSQL need something better than md5 as part of core?
>> Bragging rights?
> Having more than one hash algorithm significantly decreases the risk
> of (common) collisions.

No it doesn't. More bits reduces risk of collisions. Additional
algorithms just muddy the waters.

> As a non-developer (who does track most messages on the list anyways),
> I surely find the SHA* functions will add significant value and they
> should be easy to install (well-defined functions) with no
> maintenance afterwards.
> Hashes are an absolute minimum for keeping passwords stored somewhat
> safely in a database.

It has yet to be proven that MD5 is insufficient for this purpose.
"Significant value" being what?

> More two or even three different hashes with different collision-points
> will strongly increase the security.

No it doesn't unless you are thinking about a security through obscurity
argument.
Cheers,
mark
--
Mark Mielke <[EMAIL PROTECTED]>
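
The bit-length question debated in this message can be measured directly. The following is an added example, not part of the original e-mail: it truncates MD5 and SHA-1 to small widths so that accidental collisions show up among 50,000 constructed inputs, and compares a single algorithm with a two-algorithm tag of the same total width. The helper names, inputs and sample sizes are assumptions made for the illustration, and only accidental collisions are measured, not deliberately constructed ones.

```python
import hashlib

N_INPUTS = 50_000  # constructed sample size, chosen so 24-bit tags collide

def truncated(algo: str, data: bytes, bits: int) -> int:
    """Return the top `bits` bits of the digest as an integer."""
    digest = hashlib.new(algo, data).digest()
    return int.from_bytes(digest, "big") >> (len(digest) * 8 - bits)

def combined(data: bytes, bits_each: int) -> int:
    """Tag built from two algorithms: MD5 bits followed by SHA-1 bits."""
    md5_part = truncated("md5", data, bits_each)
    return (md5_part << bits_each) | truncated("sha1", data, bits_each)

def count_collisions(tag_fn, n_inputs: int = N_INPUTS) -> int:
    """Count inputs whose tag was already produced by an earlier input."""
    seen, collisions = set(), 0
    for i in range(n_inputs):
        tag = tag_fn(b"constructed-input-%d" % i)  # constructed sample data
        if tag in seen:
            collisions += 1
        seen.add(tag)
    return collisions

def expected_collisions(n_inputs: int, bits: int) -> float:
    """Birthday estimate: n(n-1)/2 pairs, each colliding with probability 2^-bits."""
    return n_inputs * (n_inputs - 1) / 2 / 2 ** bits

def run_experiment() -> dict:
    """Measured collision counts for each tag construction."""
    return {
        "md5, 24 bits": count_collisions(lambda d: truncated("md5", d, 24)),
        "sha1, 24 bits": count_collisions(lambda d: truncated("sha1", d, 24)),
        "md5 12 + sha1 12 bits": count_collisions(lambda d: combined(d, 12)),
        "md5, 32 bits": count_collisions(lambda d: truncated("md5", d, 32)),
    }

if __name__ == "__main__":
    for name, count in run_experiment().items():
        print(f"{name:24s} measured collisions: {count}")
    print(f"birthday estimate, 24 bits: {expected_collisions(N_INPUTS, 24):.1f}")
    print(f"birthday estimate, 32 bits: {expected_collisions(N_INPUTS, 32):.2f}")
    # Full-width digests at a constructed scale of 10**12 stored values:
    for bits in (128, 160):
        print(f"{bits}-bit, 1e12 inputs: {expected_collisions(10**12, bits):.2e}")
```

The three 24-bit constructions land near the same birthday estimate, while widening one algorithm to 32 bits drops the count by a factor of about 256.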