On Wed, Nov 16, 2005 at 14:25:44 +0100,
Wim Bertels <wim(dot)bertels(at)khleuven(dot)be> wrote:
> the sourcecode of a md5 collision generator has been released,
> it takes about 45 minutes to generate.
> ..so to an "eve" with this knowledge md5 is almost the same as plain text..
> maybe its not bad to include eg. sha2 hashes into the options for passwords
There is no sha2. sha1 has similar problems to md5.
The collision attack doesn't allow you to produce data that hashes to specific
hashes. So this isn't a problem for postgres.
In response to
pgsql-admin by date
|Next:||From: Joe Conway||Date: 2005-11-16 21:35:22|
|Subject: Re: md5 collision generator|
|Previous:||From: Kevin Grittner||Date: 2005-11-16 20:24:43|
|Subject: Re: ERROR: could not read block|