Re: PGSQL encryption functions
| От | Neil Saunders |
|---|---|
| Тема | Re: PGSQL encryption functions |
| Дата | |
| Msg-id | ddcd549e0511020604g32d6556fo7864f03f2373578e@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: PGSQL encryption functions ("Mark R. Dingee" <mark.dingee@cox.net>) |
| Список | pgsql-sql |
OK, you're not really "breaking" md5. If the attacker already knows the information being encrypted, then all you're testing is the concatenation order- Surely the information is more important than the order? md5 is a one way hash function, and so using an alternate algorithm will provide no benefit whatsoever; you're just running through 9 permutations. Kind Regards, Neil. On 11/2/05, Mark R. Dingee <mark.dingee@cox.net> wrote: > Mike & Tom, > > The script I'm using to "break" md5 presumes that the cracker knows the 3 > elements being concatenated together to form the plain-text sting which is > then passed into md5. The method I'm using then begins running through > various permutations. Do you believe that the methodology is appropriate or > that I'm being a bit paranoid? > > Thanks > > On Tuesday 01 November 2005 05:13 pm, Tom Lane wrote: > > "Mark R. Dingee" <mark.dingee@cox.net> writes: > > > md5 works, but I've been able to > > > brute-force crack it very quickly, > > > > Really? Where's your publication of this remarkable breakthrough? > > > > regards, tom lane > > > > ---------------------------(end of broadcast)--------------------------- > > TIP 1: if posting/reading through Usenet, please send an appropriate > > subscribe-nomail command to majordomo@postgresql.org so that your > > message can get through to the mailing list cleanly > > On Wednesday 02 November 2005 04:26 am, Mario Splivalo wrote: > > On Tue, 2005-11-01 at 17:13 -0500, Tom Lane wrote: > > > "Mark R. Dingee" <mark.dingee@cox.net> writes: > > > > md5 works, but I've been able to > > > > brute-force crack it very quickly, > > > > > > Really? Where's your publication of this remarkable breakthrough? > > > > I'd say you can't bruteforce md5, unless you're extremley lucky. > > However, md5 is easily broken, you just need to know how to construct > > the hashes. > > > > One could switch to SHA for 'increaased' security. > > > > Although I don't think he'd be having problems using MD5 as he described > > it. I'd also lilke to see he's example of brute-force 'cracking' the MD5 > > digest. > > > > Mike > > ---------------------------(end of broadcast)--------------------------- > TIP 1: if posting/reading through Usenet, please send an appropriate > subscribe-nomail command to majordomo@postgresql.org so that your > message can get through to the mailing list cleanly >
В списке pgsql-sql по дате отправления: