Re: Salt in encrypted password in pg_shadow
| От | Greg Stark |
|---|---|
| Тема | Re: Salt in encrypted password in pg_shadow |
| Дата | |
| Msg-id | 877jr4vyv1.fsf@stark.xeocode.com обсуждение исходный текст |
| Ответ на | Re: Salt in encrypted password in pg_shadow (David Garamond <lists@zara.6.isreserved.com>) |
| Список | pgsql-general |
Tom Lane <tgl@sss.pgh.pa.us> writes: > > it's unlikely that the same situation holds today. > > Why would you think that? The US government may not have too many > clues, but they certainly understand the importance of crypto. I cannot > think of any reason to suppose that NSA et al would have stopped > spending serious effort in this area. Certainly the NSA hasn't stopped spending serious effort. What's changed is that now there is serious effort outside the NSA as well. In academia and the private sector, not to mention other national governments. That wasn't the case 30 years ago partially because the money just wasn't there outside the NSA, and partially because the NSA was extremely persuasive in hiring away anyone doing research. It's hard to do get ahead in publish-or-perish academia when everything you're working on suddenly becomes classified... > (Where "serious effort" is measured by the standard of "a billion here, a > billion there, pretty soon you're talking about real money".) Well there's a limit to how much you can spend on researcher salaries. There are only so many researchers available to hire. Of course we don't know what their full budget is but if it's in the billions (which it may well be) it's probably mostly spent on operational costs, not research. > Quite honestly, as a US taxpayer I would not be happy if the NSA were > not far ahead of public research in this field ... It's presumably ahead. But not like the situation 30 years ago when they were the only group doing this kind of research. -- greg
В списке pgsql-general по дате отправления: