Re: sha1, sha2 functions into core?

On 08/20/2012 07:08 PM, Tom Lane wrote:


> Moreover, as Josh just mentioned, anybody who
> thinks it might be insufficiently secure for their purposes has got
> plenty of alternatives available today (SSL certificates, PAM backed
> by whatever-you-want, etc).
>

Yeah, I think we need to emphasize this lots more. Anyone who wants 
really secure authentication needs to be getting away from password 
based auth altogether. Another hash function will make very little 
difference.

cheers

andrew