Thread: pgcrypto: bug in gen_salt (md5/xdes)

pgcrypto: bug in gen_salt (md5/xdes)

From

Marko Kreen

Date:

02 January 2006, 21:55:36

There is a signedness bug in Openwall gen_salt code that
pgcrypto uses.  This makes the salt space for md5 and xdes
algorithms a lot smaller.

Salts for blowfish and standard des are unaffected.

Attached is upstream fix for it.  This applies all the
way from 7.2 to 8.1 and HEAD.  Please apply this to all
active branches.

--
marko

Attachment

fix.gensalt.diff

Re: pgcrypto: bug in gen_salt (md5/xdes)

From

Tom Lane

Date:

03 January 2006, 22:47:49

Marko Kreen <markokr@gmail.com> writes:
> There is a signedness bug in Openwall gen_salt code that
> pgcrypto uses.  This makes the salt space for md5 and xdes
> algorithms a lot smaller.

> Salts for blowfish and standard des are unaffected.

> Attached is upstream fix for it.  This applies all the
> way from 7.2 to 8.1 and HEAD.  Please apply this to all
> active branches.

Applied back to 7.3 ... we are not maintaining 7.2 anymore.

            regards, tom lane