Home > mailing lists

Re: BUG #4876: author of MD5 says it's seriously broken - hash collision resistance problems - Mailing list pgsql-bugs

From	Meredith L. Patterson
Subject	Re: BUG #4876: author of MD5 says it's seriously broken - hash collision resistance problems
Date	June 24, 2009 08:45:40
Msg-id	4A420D8F.1000500@osogato.com Whole thread Raw
In response to	Re: BUG #4876: author of MD5 says it's seriously broken - hash collision resistance problems (Magnus Hagander <magnus@hagander.net>)
Responses	Re: BUG #4876: author of MD5 says it's seriously broken - hash collision resistance problems Re: BUG #4876: author of MD5 says it's seriously broken - hash collision resistance problems
List	pgsql-bugs

Tree view

Magnus Hagander wrote:
> Using MD5 for passwords doesn't, afaik, actually require
> collision-resistance. It requires resistance against preimage-attacks,
> which there are none for MD5. At least not yet.
Marc Stevens et al have a chosen prefix attack on MD5 (similar to a
second preimage attack, but slightly weaker) which they've successfully
used to forge root CA certs, using a cluster of PS3s. Cf. their
presentation at 25c3 last December.

>> this has implications for storing passwords as MD5 hashes.  My
>>
>
> That would be the only system use of MD5. What implications are those?
>
> We might want to consider using a safer hash for the password storage at
> some point, but from what I gather it's not really urgent for *that* use.
>
It would be a lot more urgent if we weren't salting, but IIRC we are.

Cheers,
--mlp

pgsql-bugs by date:

From: Magnus Hagander
Date: 24 June 2009, 08:45:11
Subject: Re: BUG #4877: LDAP auth allows empty password string

From: Heikki Linnakangas
Date: 24 June 2009, 09:25:25
Subject: Re: psql: FATAL: the database system is in recovery mode

Re: BUG #4876: author of MD5 says it's seriously broken - hash collision resistance problems - Mailing list pgsql-bugs

Previous

Next