pgcrypto: bug in gen_salt (md5/xdes) - Mailing list pgsql-patches

From Marko Kreen
Subject pgcrypto: bug in gen_salt (md5/xdes)
Date
Msg-id e51f66da0601021455x2a793feaq6f06d9d486485db4@mail.gmail.com
Whole thread Raw
Responses Re: pgcrypto: bug in gen_salt (md5/xdes)
List pgsql-patches
There is a signedness bug in Openwall gen_salt code that
pgcrypto uses.  This makes the salt space for md5 and xdes
algorithms a lot smaller.

Salts for blowfish and standard des are unaffected.

Attached is upstream fix for it.  This applies all the
way from 7.2 to 8.1 and HEAD.  Please apply this to all
active branches.

--
marko

Attachment

pgsql-patches by date:

Previous
From: Tom Lane
Date:
Subject: Re: TODO item: list prepared queries
Next
From: Joe Conway
Date:
Subject: Re: [BUGS] BUG #2129: dblink problem