Florian Weimer <fweimer@bfk.de> writes:
> * David Fetter:
>> Is there any country with laws so benighted that they restrict secure
>> hashing algorithms? Right now, there's a contest between SHA1 and
>> MD5 as to which one gets broken first, and SHA1 appears to be in the
>> lead. SHAn for n>1 could preempt the awfulness of losing this race.
> MD5 is broken in the sense that you can create two or more meaningful
> documents with the same hash.
Note that this isn't actually very interesting for the purpose for
which the md5() function was put into core: namely, hashing passwords
before they are stored in pg_authid. pg_authid is already secured
against viewing by non-superusers, and a superuser can crack into
your database account anyway, nyet? So the only reason we bother
with hashing here is to keep a superuser from finding out your cleartext
password, which might possibly let him crack into non-database services
that you foolishly used the same password for. Therefore, it doesn't
really matter if he can find another password with the same hash ---
that's not guarding against anything interesting.
Of course, if you want to store other sorts of protected stuff in the
database, you might not want md5, but at that point you're a candidate
to use contrib/pgcrypto.
regards, tom lane