Fabian Groffen wrote:
On 09-05-2009 11:43:14 +0200, Stefan de Konink wrote:
Fabian Groffen wrote:
On 08-05-2009 19:54:38 +0200, Stefan de Konink wrote:
As already found in the news SHA-1 is advised to migrated off by 2010. I would suggest SHA-2 in protocol 9. Which one of the SHA-2 family then? And is it really that important given that the store is still protected by a vaultkey? SHA-256;
Is it important? For obvious reasons you choose not to use SHA-0 or MD5 for prototol 9. Within that logic SHA-1 is actively being broken; thus I would follow an advisory not to incorporate them in new software.
Which is ok with me, but just makes it a bad initial choice from my side, since this change will not be "convertable" from one to another. Not a problem for releases, but it is a problem for people depending on trunk at the moment ;) Perhaps we should make use of this and allow the DBA to configure what No. the options for the DBA should be kept to a minimum. Go for the solution that will work for the next few years. Trunk users at some point should migrate through dump/restore, which can be used for passwords refresh requirements as well.