On Thu, Apr 03, 2008 at 07:07:56PM +0200, Svenne Krap wrote:
> I currently save only md5(id || username || 'password')* into password,
> if I had access to sha1 (for example) I would add another password
> column so, having for example
>
> ID serial
> Username varchar
> Password_md5 varchar
> Password_sha1 varchar
>
> No matter how you see it, I get more bits of hash to check against.
Are you a cryptanalyst and are you sure that this doesn't actually make
things worse? I'm sure it gives you a warm fuzzy feeling that it's
*got* to be better, but unless someone has done some hard maths I'm not
sure how you can be so sure.
Why not just use SHA-512, you get many more quality bits that way.
> I would drop md5 totally and use sha1 and ripemd-160 if possible.. but
> currently I use only md5 as it is the only available one.. Loading
> pgcrypto is overkill for something as simple as hash functions.
Sounds like a good reason for moving the current md5 function out into
pgcrypto as well! :)
> * I prepend the id and the username to guard users with weak passwords
> against known hash values (rainbow tables) should the box ever get
> compromised ...
I take it your threat model doesn't include the attacker logging
incoming queries to look for the clear-text password.
Sam
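As an added illustration, not code from either poster, here is the scheme Svenne describes, md5(id || username || password), side by side with Sam's single SHA-512 suggestion, in Python. The user rows are constructed for the example; it shows that the per-user prefix gives two users with the same password different digests (so one precomputed table does not serve both rows), that a wider hash needs no second column, and that hashing client-side keeps the clear-text out of the SQL statement Sam worries about.

```python
import hashlib
import hmac

# Constructed sample rows in the shape of the table from the thread:
# (id, username, clear-text password). alice and bob share a password.
USERS = [
    (1, "alice", "hunter2"),
    (2, "bob", "hunter2"),
    (3, "carol", "correct horse"),
]


def _prefixed(user_id, username, password):
    """id || username || password as in the thread. Caveat: plain
    concatenation is ambiguous (id 1 + user '1alice' == id 11 + user 'alice'),
    so a real deployment should put a separator or a random salt between fields."""
    return f"{user_id}{username}{password}".encode()


def salted_md5(user_id, username, password):
    """The current scheme: md5 over the prefixed string (32 hex chars)."""
    return hashlib.md5(_prefixed(user_id, username, password)).hexdigest()


def salted_sha512(user_id, username, password):
    """Sam's suggestion: one wide digest (128 hex chars) instead of a second
    md5/sha1 column that is verified against the same password anyway."""
    return hashlib.sha512(_prefixed(user_id, username, password)).hexdigest()


def build_table(hash_fn=salted_sha512):
    """Compute digests client-side and store only the digest, so the clear-text
    password never appears inside a query that a statement log could capture."""
    return {uid: (name, hash_fn(uid, name, pw)) for uid, name, pw in USERS}


def verify(table, user_id, password, hash_fn=salted_sha512):
    """Recompute the digest for this row and compare in constant time."""
    name, stored = table[user_id]
    return hmac.compare_digest(stored, hash_fn(user_id, name, password))


def digests_collide(table):
    """True if two rows store the same digest. With the id||username prefix,
    alice's and bob's identical passwords must still yield distinct digests."""
    seen = [digest for _, digest in table.values()]
    return len(seen) != len(set(seen))


if __name__ == "__main__":
    t = build_table()
    print("shared password, distinct digests:", not digests_collide(t))
    print("alice/hunter2 verifies:", verify(t, 1, "hunter2"))
    print("bob/wrong verifies:", verify(t, 2, "wrong"))
```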