Re: [HACKERS] Hashing passwords (was Updated TODO list) - Mailing list pgsql-hackers

From Gene Sokolov
Subject Re: [HACKERS] Hashing passwords (was Updated TODO list)
Msg-id 065901beca16$66c6abe0$0d8cdac3@aktrad.ru
In response to Re: [HACKERS] Hashing passwords (was Updated TODO list)  (Louis Bertrand <louis@bertrandtech.on.ca>)
Responses Re: [HACKERS] Hashing passwords (was Updated TODO list)
List pgsql-hackers
> It would be nice if the password scheme you finally settle on can be
> optionally replaced (compile-time) by the password hash available native
> on the OS. In the case of OpenBSD, the Blowfish-based replacement for the
> DES or MD5 based crypt(3) is better suited to resisting dictionary and
> other offline attacks by fast processors.

Once you say "strong encryption", you also say "export controls", "Wassenaar"
and "avoid it if you can". It means the PgSQL team would have to maintain two
distributions - one for the US and one for the rest of the world. It's not
like it cannot be done. I just see no benefit in using encryption instead of
hashing. There is no need for DES or Blowfish to justify the pain.

Gene Sokolov.