public inbox for [email protected]
help / color / mirror / Atom feedFrom: Gregory Stark <[email protected]>
To: Michael Fuhr <[email protected]>
Cc: Francisco Olarte Sanz <[email protected]>
Cc: [email protected]
Subject: Re: BUG #3965: UNIQUE constraint fails on long column values
Date: Thu, 21 Feb 2008 11:07:58 +0000
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
"Michael Fuhr" <[email protected]> writes:
> On Wed, Feb 20, 2008 at 12:21:03PM +0100, Francisco Olarte Sanz wrote:
>> On Wednesday 20 February 2008, Gregory Stark wrote:
>>
>> > Unless you need cryptographic security I would not suggest using MD5. MD5
>> > is intentionally designed to take a substantial amount of CPU resources to
>> > calculate.
>>
>> I thought it was the exact opposite, quoting from RFC1321:
Hm, ok, strike "intentionally". Nonetheless MD5 is quite computationally
intensive compared to quick hashes like the ones Postgres uses or CRC hashes
(which we ought to have functions for, but we don't seem to). SHA-1 is even
more computationally intensive and SHA-256 far more again.
For purposes of speeding up access a simple hash with the possibility of a few
collisions is normally fine. You add an additional clause to recheck the
original constraint.
For purposes of enforcing uniqueness I would be leery of depending on any
hash. The decision would depend on the application and the consequences of a
spurious error. The chances are slim but it's not impossible.
> And if you *do* need cryptographic security then don't use MD5, and
> consider using SHA-256 instead of SHA-1. See RFC 4270 for discussion.
>
> ftp://ftp.rfc-editor.org/in-notes/rfc4270.txt
One of the factors in deciding between cryptographic algorithms is the
longevity required. MD5 has not been cracked but some suspicious weaknesses
have been discovered which might lead to a crack sometime in the future where
an attacker might be able to construct new plaintexts with identical hashes.
If you just need something secure for session keys then that's not going to be
a concern. If you need to distinguish user-provided documents from other
user-provided documents you're keeping for decades then it is.
--
Gregory Stark
EnterpriseDB http://www.enterprisedb.com
Ask me about EnterpriseDB's 24x7 Postgres support!
view thread (20+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected]
Subject: Re: BUG #3965: UNIQUE constraint fails on long column values
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox