Re: Encrypted column - Mailing list pgsql-general

From Marko Kreen
Subject Re: Encrypted column
Msg-id e51f66da0706050739v4d504853va2d3f60719690da@mail.gmail.com
In response to Re: Encrypted column  ("Brian Mathis" <brian.mathis@gmail.com>)
Responses Re: Encrypted column
List pgsql-general
On 6/5/07, Brian Mathis <brian.mathis@gmail.com> wrote:
> On 6/5/07, Marko Kreen <markokr@gmail.com> wrote:
> > Both md5 and sha1 are bad for passwords: no salt and easy to
> > bruteforce, due to the tiny amount of data in passwords.
> >
> > The proper way is to use the crypt() function from the pgcrypto module.
> > Due to a historical accident it has a bad name which hints at
> > encryption; actually its only purpose is to hash passwords.
> > Read more in the pgcrypto doc.
>
> If you salt them yourself, there's no problem with md5 or sha1, and
> they are arguably more secure than the old "crypt" call.  Most modern
> linuxes use md5 for password storage.

No, both md5 and sha1 are actually easier to bruteforce than
the old DES-based crypt.  Of course that does not mean that
old DES-crypt is a good idea.  Pgcrypto's crypt() supports the bit
more modern md5crypt and bf-crypt algorithms, which give a much
higher security margin.  It can be argued that bf-crypt is the
"state-of-the-art" algorithm for password hashing.

--
marko
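The following is an added worked example, not part of the thread, showing the pgcrypto usage Marko recommends: hashing a password with crypt() and a bf-crypt salt from gen_salt(), then verifying a candidate against the stored hash. It assumes a PostgreSQL version where pgcrypto is loadable with CREATE EXTENSION; the table name, column names and sample password are invented for the illustration.

```sql
-- Added example (not from the thread). Assumes pgcrypto is installable via
-- CREATE EXTENSION; app_user and its columns are hypothetical names.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE app_user (
    username      text PRIMARY KEY,
    password_hash text NOT NULL   -- crypt() output, never cleartext or a bare digest
);

-- Storing: gen_salt('bf', 8) returns a fresh random salt on every call with a
-- cost factor of 8 (2^8 Blowfish setup rounds). crypt() embeds the algorithm
-- tag, cost and salt in its output, so the single column holds everything
-- needed for later verification.
INSERT INTO app_user (username, password_hash)
VALUES ('alice', crypt('correct horse battery staple', gen_salt('bf', 8)));

-- Verifying: pass the stored hash as the "salt" argument. crypt() reads the
-- algorithm, cost and salt back out of it, so the result equals the stored
-- value only when the candidate password is right.
SELECT username
  FROM app_user
 WHERE username = 'alice'
   AND password_hash = crypt('correct horse battery staple', password_hash);

SELECT username
  FROM app_user
 WHERE username = 'alice'
   AND password_hash = crypt('wrong guess', password_hash);

-- Contrast with the unsalted digest the reply above has in mind: md5() of a
-- password is identical for every user who picked that password and has no
-- cost factor, whereas two crypt() calls with gen_salt() give different hashes.
SELECT md5('correct horse battery staple')                           AS unsalted_digest,
       crypt('correct horse battery staple', gen_salt('bf', 8))      AS bf_hash,
       crypt('correct horse battery staple', gen_salt('bf', 8))      AS bf_hash_again,
       crypt('correct horse battery staple', gen_salt('md5'))        AS md5crypt_hash;
```

The first verification SELECT returns the alice row and the second returns no rows. In the last query the two bf_hash values differ from each other (different random salts, both beginning with the `$2a$08$` tag and cost), while unsalted_digest is deterministic; the md5crypt variant (`$1$` prefix) is the other crypt() scheme mentioned in the reply. Raising the bf cost factor slows every hash computation, which is the property that makes offline guessing expensive.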
