Home > mailing lists

pgcrypto: bug in gen_salt (md5/xdes) - Mailing list pgsql-patches

From	Marko Kreen
Subject	pgcrypto: bug in gen_salt (md5/xdes)
Date	January 2, 2006 21:55:36
Msg-id	e51f66da0601021455x2a793feaq6f06d9d486485db4@mail.gmail.com Whole thread Raw
Responses	Re: pgcrypto: bug in gen_salt (md5/xdes) (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-patches

Tree view

There is a signedness bug in Openwall gen_salt code that
pgcrypto uses.  This makes the salt space for md5 and xdes
algorithms a lot smaller.

Salts for blowfish and standard des are unaffected.

Attached is upstream fix for it.  This applies all the
way from 7.2 to 8.1 and HEAD.  Please apply this to all
active branches.

--
marko

Attachment

fix.gensalt.diff

pgsql-patches by date:

From: Tom Lane
Date: 02 January 2006, 20:40:28
Subject: Re: TODO item: list prepared queries

From: Joe Conway
Date: 03 January 2006, 01:34:22
Subject: Re: [BUGS] BUG #2129: dblink problem

pgcrypto: bug in gen_salt (md5/xdes) - Mailing list pgsql-patches

Attachment

Previous

Next