Alvaro Herrera wrote:
> Greg Sabino Mullane wrote:
>
>> I also realize that SHA1 is not a great solution these days either,
>> but I'd at least like to see a discussion on moving Postgres to
>> somewhere between "only has md5()" and "all pg_crypto functions inside
>> core", even if it only means a handful of SHA functions. Moving this
>> over to -hackers.
>>
>> In summary: what would objections be to my writing a sha1() patch?
>
> Isn't sha1 considered broken for some uses anyway? Perhaps if you're
> going to do that it would make sense to move the whole pgcrypto/sha2.c
> stuff to core, I think.
IIRC not anymore than md5, which we already do...
That said, it would make sense to include sha1() for compatibility
reasons and a stronger sha for people that need something better.
//Magnus