Skip site navigation (1) Skip section navigation (2)

Re: md5 collision generator

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: Wim Bertels <wim(dot)bertels(at)khleuven(dot)be>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: md5 collision generator
Date: 2005-11-16 20:43:15
Message-ID: 20051116204315.GA20018@wolff.to (view raw or flat)
Thread:
Lists: pgsql-admin
On Wed, Nov 16, 2005 at 14:25:44 +0100,
  Wim Bertels <wim(dot)bertels(at)khleuven(dot)be> wrote:
> LS,
> 
> the sourcecode of a md5 collision generator has been released,
> it takes about 45 minutes to generate.
> ..so to an "eve" with this knowledge md5 is almost the same as plain text..
> 
> maybe its not bad to include eg. sha2 hashes into the options for passwords

There is no sha2. sha1 has similar problems to md5.

The collision attack doesn't allow you to produce data that hashes to specific
hashes. So this isn't a problem for postgres.

In response to

Responses

pgsql-admin by date

Next:From: Joe ConwayDate: 2005-11-16 21:35:22
Subject: Re: md5 collision generator
Previous:From: Kevin GrittnerDate: 2005-11-16 20:24:43
Subject: Re: ERROR: could not read block

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group