Re: BUG #4876: author of MD5 says it's seriously broken - hash collision resistance problems - Mailing list pgsql-bugs

From Joe Conway
Subject Re: BUG #4876: author of MD5 says it's seriously broken - hash collision resistance problems
Date
Msg-id 4A42705D.50906@joeconway.com
In response to Re: BUG #4876: author of MD5 says it's seriously broken - hash collision resistance problems  ("Meredith L. Patterson" <mlp@osogato.com>)
List pgsql-bugs
Meredith L. Patterson wrote:
> Magnus Hagander wrote:
>>> this has implications for storing passwords as MD5 hashes.  My
>>>
>> That would be the only system use of MD5. What implications are those?
>>
>> We might want to consider using a safer hash for the password storage at
>> some point, but from what I gather it's not really urgent for *that* use.
>>
> It would be a lot more urgent if we weren't salting, but IIRC we are.

If we really want something safer for system use in passwords, we ought
to be using HMAC instead. I don't believe any weaknesses of MD5 have
been found when it is used for HMAC. It has the added advantage that
there is no direct storage of the password itself, even in hashed form.

Joe
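
The HMAC construction mentioned in the message above, as an added example that is not part of the original message and is not PostgreSQL code: RFC 2104 HMAC built by hand on MD5 and used in a nonce-based challenge-response. The challenge-response flow, the function names and the sample key are assumptions made for illustration.

```python
import hashlib
import hmac
import os

BLOCK_SIZE = 64  # MD5 processes input in 64-byte blocks


def hmac_md5(key: bytes, msg: bytes) -> bytes:
    """HMAC per RFC 2104, built by hand on MD5 to show the nesting."""
    if len(key) > BLOCK_SIZE:          # long keys are hashed first
        key = hashlib.md5(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.md5(ipad + msg).digest()
    # Both hashes begin with a secret, key-dependent block, so the attacker
    # does not know the internal state that MD5 collision searches start from.
    return hashlib.md5(opad + inner).digest()


def new_challenge() -> bytes:
    """Server side (hypothetical flow): fresh random nonce per attempt."""
    return os.urandom(16)


def respond(shared_key: bytes, challenge: bytes) -> bytes:
    """Client side: prove knowledge of the key without sending it."""
    return hmac_md5(shared_key, challenge)


def verify(shared_key: bytes, challenge: bytes, response: bytes) -> bool:
    """Server side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(hmac_md5(shared_key, challenge), response)


if __name__ == "__main__":
    key = b"constructed-demo-key"      # constructed sample value
    nonce = new_challenge()
    tag = respond(key, nonce)
    print("accepted:", verify(key, nonce, tag))
    print("replayed on new nonce:", verify(key, new_challenge(), tag))
    print("matches stdlib:", tag == hmac.new(key, nonce, hashlib.md5).digest())
```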
