Re: [HACKERS] Hashing passwords (was Updated TODO list)

Louis Bertrand <louis@bertrandtech.on.ca>

From: Louis Bertrand <louis@bertrandtech.on.ca>
To: Gene Sokolov <hook@aktrad.ru>
Cc: pgsql-hackers@postgreSQL.org
Date: 1999-07-09T15:14:41Z
Lists: pgsql-hackers
No, I am not suggesting PostgreSQL bundle any strong crypto: simply take
advantage of what's available native on the host OS.

BTW, the US export controls only apply to code written in the US. The
Wassenaar Arrangement specifically excludes free/open software.

Ciao
 --Louis  <louis@bertrandtech.on.ca> 

Louis Bertrand       http://www.bertrandtech.on.ca
Bertrand Technical Services, Bowmanville, ON, Canada  
Tel: +1.905.623.8925  Fax: +1.905.623.3852

OpenBSD: Secure by default.  http://www.openbsd.org/

On Fri, 9 Jul 1999, Gene Sokolov wrote:

> Once you say "strong encryption", you also say "export controls", "wasenaar"
> and "avoid it if you can". It means PgSQL team would have to maintain two
> distributions - one for the US and one for the rest of the world. It's not
> like it cannot be done. I just see no benefit in using encryption instead of
> hashing. There is no need for DES or Blowfish to justify the pain.
> 
> Gene Sokolov.
> 
> 
> 
> 
>