Home > mailing lists

Use of MD5 - Mailing list pgsql-bugs

From	Jeffrey Walton
Subject	Use of MD5
Date	November 13, 2013 11:40:06
Msg-id	CAH8yC8ksq5zjU7O7e5kCN0JVmeP+PgeUpY-OutjaJ1Gd5ec5yw@mail.gmail.com Whole thread Raw
Responses	Re: Use of MD5 (Heikki Linnakangas <hlinnakangas@vmware.com>) Re: Use of MD5 (Tomas Vondra <tv@fuzzy.cz>)
List	pgsql-bugs

Tree view

Might as well get this one out of the way....

There's a lot of use of MD5 with mini-salts of 4 bytes. Its one thing
if using MD5 as a PRF, but its another when using it for its security
properties (or lack thereof). See, for example, crypt.c, user.c, and
passwordcheck.c.

varlena.c appears to claim MD5_HASH_LEN is 32 bytes rather than 16
(perhaps its wishful thinking ?).

There does not appear to be a widely used alternative available.

pgsql-bugs by date:

From: Jeffrey Walton
Date: 13 November 2013, 11:23:34
Subject: postmaster.c and random keys/salts

From: Heikki Linnakangas
Date: 13 November 2013, 13:56:49
Subject: Re: Use of MD5

Use of MD5 - Mailing list pgsql-bugs

Previous

Next