Re: BUG #4876: author of MD5 says it's seriously broken - hash collision resistance problems
From | Meredith L. Patterson |
---|---|
Subject | Re: BUG #4876: author of MD5 says it's seriously broken - hash collision resistance problems |
Date | |
Msg-id | 4A420D8F.1000500@osogato.com |
In response to | Re: BUG #4876: author of MD5 says it's seriously broken - hash collision resistance problems (Magnus Hagander <magnus@hagander.net>) |
Responses |
Re: BUG #4876: author of MD5 says it's seriously broken - hash collision resistance problems
Re: BUG #4876: author of MD5 says it's seriously broken - hash collision resistance problems |
List | pgsql-bugs |
Magnus Hagander wrote:
> Using MD5 for passwords doesn't, afaik, actually require
> collision-resistance. It requires resistance against preimage-attacks,
> which there are none for MD5. At least not yet.

Marc Stevens et al have a chosen prefix attack on MD5 (similar to a second preimage attack, but slightly weaker) which they've successfully used to forge root CA certs, using a cluster of PS3s. Cf. their presentation at 25c3 last December.

>> this has implications for storing passwords as MD5 hashes. My
>>
>
> That would be the only system use of MD5. What implications are those?
>
> We might want to consider using a safer hash for the password storage at
> some point, but from what I gather it's not really urgent for *that* use.
>

It would be a lot more urgent if we weren't salting, but IIRC we are.

Cheers,
--mlp
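The salting this thread refers to, sketched as an added example that is not part of the original message or of PostgreSQL's source: it follows the md5 password scheme described in the PostgreSQL protocol documentation (role name as storage salt, a random 4-byte salt per connection). The function names and the sample role names and password are constructed for illustration.

```python
import hashlib
import hmac
import os


def _md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def stored_verifier(user: str, password: str) -> str:
    """Value kept server-side: 'md5' + md5(password || username).
    The role name acts as the salt, so equal passwords hash differently."""
    return "md5" + _md5_hex(password.encode() + user.encode())


def client_response(user: str, password: str, salt: bytes) -> str:
    """What the client sends for an md5 challenge carrying `salt`."""
    inner = _md5_hex(password.encode() + user.encode())
    return "md5" + _md5_hex(inner.encode() + salt)


def server_check(stored: str, salt: bytes, response: str) -> bool:
    """Server recomputes the expected response from the stored verifier."""
    expected = "md5" + _md5_hex(stored[3:].encode() + salt)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    # Constructed sample data: two roles sharing one password.
    password = "correct horse"
    alice = stored_verifier("alice", password)
    bob = stored_verifier("bob", password)
    salt1, salt2 = os.urandom(4), b"\x00\x01\x02\x03"
    resp1 = client_response("alice", password, salt1)
    return {
        "verifiers_differ": alice != bob,
        "login_ok": server_check(alice, salt1, resp1),
        # A response captured for one salt fails against another salt.
        "replay_ok": server_check(alice, salt2, resp1) if salt1 != salt2 else False,
        "wrong_password_ok": server_check(
            alice, salt1, client_response("alice", "guess", salt1)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
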