Re: [HACKERS] Hashing passwords (was Updated TODO list)
Louis Bertrand <louis@bertrandtech.on.ca>
From: Louis Bertrand <louis@bertrandtech.on.ca>
To: Gene Sokolov <hook@aktrad.ru>
Cc: pgsql-hackers@postgreSQL.org
Date: 1999-07-09T15:14:41Z
Lists: pgsql-hackers
No, I am not suggesting PostgreSQL bundle any strong crypto: simply take advantage of what's available native on the host OS. BTW, the US export controls only apply to code written in the US. The Wassenaar Arrangement specifically excludes free/open software. Ciao --Louis <louis@bertrandtech.on.ca> Louis Bertrand http://www.bertrandtech.on.ca Bertrand Technical Services, Bowmanville, ON, Canada Tel: +1.905.623.8925 Fax: +1.905.623.3852 OpenBSD: Secure by default. http://www.openbsd.org/ On Fri, 9 Jul 1999, Gene Sokolov wrote: > Once you say "strong encryption", you also say "export controls", "wasenaar" > and "avoid it if you can". It means PgSQL team would have to maintain two > distributions - one for the US and one for the rest of the world. It's not > like it cannot be done. I just see no benefit in using encryption instead of > hashing. There is no need for DES or Blowfish to justify the pain. > > Gene Sokolov. > > > > >