sanjay sharma <sanksh@hotmail.com> writes:
> md5 is not being recommended anywhere because it contains hash
> collision.
For the purposes we are using it for, that's just about 100% irrelevant.
> Would replacing md5 with SHA1 in core involve much work?
Yes, it would be a tremendous problem, because the use of md5 is part of
our password protocol. We'd have to change client-side code in sync
with the servers to do that.
regards, tom lane