Thanks for the quick reply, I was (literally) sleeping :)
USing MD5 for the user-id is just to try to keep it looking fairly
random, in az a well-built system guessing this hash wouldn't mean
getting access.
Neil Conway wrote:
>On 16 Apr 2002 15:14:09 +0200
>"Moritz Sinn" <moritz@freesources.org> wrote:
>
>>Michael Loftis <mloftis@wgops.com> writes:
>>
>>>I've gotten intot he habit of using a sequence identifier, and couple
>>>that with the current time then md5 sum that to create unique
>>>uids. Works our fairly well, and is atleast marginally difficult to
>>>guess.
>>>
>>that sounds good. could you send me your function definition? because i
>>don't now how to md5 sum in postgresql.
>>
>
>An implementation of MD5 is part of contrib/pgcrypto.
>
>Cheers,
>
>Neil
>
>P.S. I remember hearing that MD4 has been found to be vulnerable
>already, and that there are some theoretical weaknesses in
>MD5. Does anyone have more info on this? I personally use
>SHA1 anyway...
>