Home > mailing lists

Re: Generating unique session ids - Mailing list pgsql-general

From	Chris Mair
Subject	Re: Generating unique session ids
Date	July 27, 2006 13:35:02
Msg-id	1154007256.6238.3.camel@dell.home.lan Whole thread Raw
In response to	Re: Generating unique session ids (Tomasz Ostrowski <tometzky@batory.org.pl>)
List	pgsql-general

Tree view

> > SELECT md5('secret_salt' || nextval('my_seq')::text)
>
> * When somebody knows md5('secret_salt' || '5') he will be able to
> easily compute
>     md5('secret_salt' || '50')
>     md5('secret_salt' || '51')
>     md5('secret_salt' || '52')
>     ...
>     md5('secret_salt' || '59')
>     md5('secret_salt' || '500')
>     md5('secret_salt' || '501')
>     ...
>     md5('secret_salt' || '[any number starting from 5]').
> Without knowledge of 'secret_salt'. So your proposal is totally
> insecure.

Challenge :)

chris=> select md5('******' || '5');
               md5
----------------------------------
 7b076f591070f6912e320b95782250ae
(1 row)

I won't tell what '******' was.

Can you send me what md5('******' || '50') will give?

Bye,
Chris.

pgsql-general by date:

From: Tomasz Ostrowski
Date: 27 July 2006, 13:16:16
Subject: Re: Generating unique session ids

From: Tom Lane
Date: 27 July 2006, 13:40:28
Subject: Re: Generating unique session ids

Re: Generating unique session ids - Mailing list pgsql-general

Previous

Next