[Monetdb-developers] Suggestion to ditch SHA-1, and embrace SHA-2

Fabian Groffen Fabian.Groffen at cwi.nl
Sat May 9 11:50:24 CEST 2009


On 09-05-2009 11:43:14 +0200, Stefan de Konink wrote:
> Fabian Groffen wrote:
> > On 08-05-2009 19:54:38 +0200, Stefan de Konink wrote:
> >> As already found in the news SHA-1 is advised to migrated off by 2010. I 
> >> would suggest SHA-2 in protocol 9.
> > 
> > Which one of the SHA-2 family then?  And is it really that important
> > given that the store is still protected by a vaultkey?
> 
> SHA-256;
> 
> Is it important? For obvious reasons you choose not to use SHA-0 or MD5 
> for prototol 9. Within that logic SHA-1 is actively being broken; thus I 
> would follow an advisory not to incorporate them in new software.

Which is ok with me, but just makes it a bad initial choice from my
side, since this change will not be "convertable" from one to another.
Not a problem for releases, but it is a problem for people depending on
trunk at the moment ;)
Perhaps we should make use of this and allow the DBA to configure what
password backend to use, and have proto 9 automagically see what hash to
use.  This requires a bit more work, but saves us from an un-convertible
upgrade in the future when SHA-2 is taken for weak as well.




More information about the developers-list mailing list