Re: reducing our reliance on MD5
| От | Bruce Momjian |
|---|---|
| Тема | Re: reducing our reliance on MD5 |
| Дата | |
| Msg-id | 20150211170248.GA28568@momjian.us обсуждение исходный текст |
| Ответ на | Re: reducing our reliance on MD5 (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
On Tue, Feb 10, 2015 at 09:30:37PM -0500, Tom Lane wrote: > I think it would be wise to take two steps back and think about what > the threat model is here, and what we actually need to improve. > Offhand I can remember two distinct things we might wish to have more > protection against: > > * scraping of passwords off the wire protocol (but is that still > a threat in an SSL world?). Better salting practice would do more > than replacing the algorithm as such for this, IMO. Agreed. In 2004 Greg Stark estimated that it would take only 64k connection attempts to get a server-supplied reply of a salt already seen that can be replayed: http://www.postgresql.org/message-id/flat/200410071728.i97HS1a16128@candle.pha.pa.us#200410071728.i97HS1a16128@candle.pha.pa.us If you have a few salts the number goes down further. I think the 32-bit salt length is the greatest risk to our existing MD5 implementation. While leaving MD5 has a theoretical benefit, using a 64-bit salt has a practical benefit. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + Everyone has their own god. +
В списке pgsql-hackers по дате отправления: