Re: reducing our reliance on MD5
| От | Claudio Freire |
|---|---|
| Тема | Re: reducing our reliance on MD5 |
| Дата | |
| Msg-id | CAGTBQpYKL3zYWf5-9cN3wEqchwq0LuA57AoqEkFyPGjLcNQVEA@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: reducing our reliance on MD5 (Claudio Freire <klaussfreire@gmail.com>) |
| Список | pgsql-hackers |
On Wed, Feb 11, 2015 at 6:30 PM, Claudio Freire <klaussfreire@gmail.com> wrote: > On Wed, Feb 11, 2015 at 5:25 PM, Heikki Linnakangas > <hlinnakangas@vmware.com> wrote: >> On 02/11/2015 06:35 AM, Claudio Freire wrote: >>> >>> Usually because handshakes use a random salt on both sides. Not sure >>> about pg's though, but in general collision strength is required but >>> not slowness, they're not bruteforceable. >> >> >> To be precise: collision resistance is usually not important for hashes used >> in authentication handshakes. Not for our MD5 authentication method anyway; >> otherwise we'd be screwed. What you need is resistance to pre-image attacks. > > AFAIK, if I find a colliding string to the MD5 stored in pg_authid, I > can specify that to libpq and get authenticated. > > Am I missing something? Oh, right, that's called pre-image. Never mind then
В списке pgsql-hackers по дате отправления: