Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted - Mailing list pgsql-hackers

From Antoine Martin
Subject Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted
Date
Msg-id 1114200141.11982.25.camel@cobra
Whole thread Raw
In response to Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords  (Bruno Wolff III <bruno@wolff.to>)
Responses Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted
List pgsql-hackers
On Thu, 2005-04-21 at 17:27 -0500, Bruno Wolff III wrote:
> On Wed, Apr 20, 2005 at 22:27:01 -0400,
>   Stephen Frost <sfrost@snowman.net> wrote:
> > 
> > SHA2 would also be nice.
> 
> I think the new hash functions are called SHA256 and SHA512.
> For Postgres' purposes the recent weaknesses found in SHA1 and MD5
> aren't a big deal.
It is irrelevant here, if I am reading this correctly:
http://theory.csail.mit.edu/~yiqun/shanote.pdf
"collision search attacks"
Basically, multiple input data that have the same output hash, which is
of no use when what you are trying to find is the input.
Finding collisions quicker for a known input is one thing, but that is
not going to reduce the search space, not even your storage space (it is
unlikely that the colliding results would all be valid input).

Is adding the non-guessable salt that hard anyway?



pgsql-hackers by date:

Previous
From: Hannu Krosing
Date:
Subject: possible TODO: read-only tables, select from indexes only.
Next
From: "Chuck McDevitt"
Date:
Subject: Re: Woo hoo ... a whole new set of compiler