Re: PGSQL encryption functions

Mike & Tom,

The script I'm using to "break" md5 presumes that the cracker knows the 3 
elements being concatenated together to form the plain-text sting which is 
then passed into md5.  The method I'm using then begins running through 
various permutations.  Do you believe that the methodology is appropriate or 
that I'm being a bit paranoid?

Thanks

On Tuesday 01 November 2005 05:13 pm, Tom Lane wrote:
> "Mark R. Dingee" <mark.dingee@cox.net> writes:
> > md5 works, but I've been able to
> > brute-force crack it very quickly,
>
> Really?  Where's your publication of this remarkable breakthrough?
>
>             regards, tom lane
>
> ---------------------------(end of broadcast)---------------------------
> TIP 1: if posting/reading through Usenet, please send an appropriate
>        subscribe-nomail command to majordomo@postgresql.org so that your
>        message can get through to the mailing list cleanly

On Wednesday 02 November 2005 04:26 am, Mario Splivalo wrote:
> On Tue, 2005-11-01 at 17:13 -0500, Tom Lane wrote:
> > "Mark R. Dingee" <mark.dingee@cox.net> writes:
> > > md5 works, but I've been able to
> > > brute-force crack it very quickly,
> >
> > Really?  Where's your publication of this remarkable breakthrough?
>
> I'd say you can't bruteforce md5, unless you're extremley lucky.
> However, md5 is easily broken, you just need to know how to construct
> the hashes.
>
> One could switch to SHA for 'increaased' security.
>
> Although I don't think he'd be having problems using MD5 as he described
> it. I'd also lilke to see he's example of brute-force 'cracking' the MD5
> digest.
>
>     Mike