Home > mailing lists

Re: pgcrypto: bug in gen_salt (md5/xdes) - Mailing list pgsql-patches

From	Tom Lane
Subject	Re: pgcrypto: bug in gen_salt (md5/xdes)
Date	January 3, 2006 22:47:49
Msg-id	27408.1136332068@sss.pgh.pa.us Whole thread Raw
In response to	pgcrypto: bug in gen_salt (md5/xdes) (Marko Kreen <markokr@gmail.com>)
List	pgsql-patches

Tree view

Marko Kreen <markokr@gmail.com> writes:
> There is a signedness bug in Openwall gen_salt code that
> pgcrypto uses.  This makes the salt space for md5 and xdes
> algorithms a lot smaller.

> Salts for blowfish and standard des are unaffected.

> Attached is upstream fix for it.  This applies all the
> way from 7.2 to 8.1 and HEAD.  Please apply this to all
> active branches.

Applied back to 7.3 ... we are not maintaining 7.2 anymore.

            regards, tom lane

pgsql-patches by date:

From: Neil Conway
Date: 03 January 2006, 21:59:23
Subject: Re: TODO item: list prepared queries

From: Joe Conway
Date: 03 January 2006, 22:50:32
Subject: Re: [BUGS] BUG #2129: dblink problem

Re: pgcrypto: bug in gen_salt (md5/xdes) - Mailing list pgsql-patches

Previous

Next