[Monetdb-developers] Suggestion to ditch SHA-1, and embrace SHA-2

Martin Kersten Martin.Kersten at cwi.nl
Sat May 9 11:57:38 CEST 2009


Fabian Groffen wrote:
> On 09-05-2009 11:43:14 +0200, Stefan de Konink wrote:
>> Fabian Groffen wrote:
>>> On 08-05-2009 19:54:38 +0200, Stefan de Konink wrote:
>>>> As already found in the news SHA-1 is advised to migrated off by 2010. I 
>>>> would suggest SHA-2 in protocol 9.
>>> Which one of the SHA-2 family then?  And is it really that important
>>> given that the store is still protected by a vaultkey?
>> SHA-256;
>>
>> Is it important? For obvious reasons you choose not to use SHA-0 or MD5 
>> for prototol 9. Within that logic SHA-1 is actively being broken; thus I 
>> would follow an advisory not to incorporate them in new software.
> 
> Which is ok with me, but just makes it a bad initial choice from my
> side, since this change will not be "convertable" from one to another.
> Not a problem for releases, but it is a problem for people depending on
> trunk at the moment ;)
> Perhaps we should make use of this and allow the DBA to configure what
No. the options for the DBA should be kept to a minimum.
Go for the solution that will work for the next few years.
Trunk users at some point should migrate through dump/restore,
which can be used for passwords refresh requirements as well.




More information about the developers-list mailing list