Home > mailing lists

Re: reducing our reliance on MD5 - Mailing list pgsql-hackers

From	Claudio Freire
Subject	Re: reducing our reliance on MD5
Date	February 11, 2015 07:35:13
Msg-id	CAGTBQpbWvMy_eOhQMhZy6FKhBqLDZKw+rq3A_ePnk9tK4nAYQg@mail.gmail.com Whole thread Raw
In response to	Re: reducing our reliance on MD5 (Peter Geoghegan <pg@heroku.com>)
Responses	Re: reducing our reliance on MD5 (Heikki Linnakangas <hlinnakangas@vmware.com>)
List	pgsql-hackers

Tree view

On Tue, Feb 10, 2015 at 10:19 PM, Peter Geoghegan <pg@heroku.com> wrote:
> On Tue, Feb 10, 2015 at 5:14 PM, Arthur Silva <arthurprs@gmail.com> wrote:
>> I don't think the "password storing best practices" apply to db connection
>> authentication.
>
> Why not?

Usually because handshakes use a random salt on both sides. Not sure
about pg's though, but in general collision strength is required but
not slowness, they're not bruteforceable.

pgsql-hackers by date:

From: Peter Eisentraut
Date: 11 February 2015, 07:07:42
Subject: Re: GRANT USAGE on FOREIGN SERVER exposes passwords

From: Jim Nasby
Date: 11 February 2015, 08:58:40
Subject: Re: Manipulating complex types as non-contiguous structures in-memory

Re: reducing our reliance on MD5 - Mailing list pgsql-hackers

Previous

Next