BUG #4876: author of MD5 says it's seriously broken - hash collision resistance problems

From: "Jim Michaels" <jmichae3(at)yahoo(dot)com>
To: pgsql-bugs(at)postgresql(dot)org
Subject: BUG #4876: author of MD5 says it's seriously broken - hash collision resistance problems
Date: 2009-06-24 01:59:05
Message-ID: 200906240159.n5O1x540036048@wwwmaster.postgresql.org
Lists: pgsql-bugs
The following bug has been logged online:

Bug reference:      4876
Logged by:          Jim Michaels
Email address:      jmichae3(at)yahoo(dot)com
PostgreSQL version: 8.3.7-1
Operating system:   Windows XP Pro SP3
Description:        author of MD5 says it's seriously broken - hash
collision resistance problems
Details: 

If you are looking for hash collision protection, start looking at SHA-256
or SHA-512.

"In any case, you may not want to be using md5 (at least for
applications requiring collision-resistance), as it is
seriously broken.  Use SHA-256 instead." - Ronald Rivest (author of MD5)

I was using MD5 in my zapdupes program and was told by the author of MD5,
and switched to SHA-512, because of the size of the files I was dealing
with.  Since you have BLOBs, I suggest you do the same.


This has implications for storing passwords as MD5 hashes.  My
recommendation is to ditch MD5 and go with SHA-512.  It takes up more space,
but it has greater collision resistance. It requires 64 bytes of storage per
binary hash.

I have implemented SHA-512 as GPL'd code that you may use at 

http://jesusnjim.com/code/sha512.html

It compiles with gcc (djgpp, MinGW), and Borland C++, and probably Microsoft
Visual C++.

With gcc, make sure that you do not use optimization level above -O, because
-O2 and -O3 generate bad code and will give you incorrect results (the
results will not match that of the FIPS PDF document).


One possibility is that you could make the MD5 function actually return a
SHA-512 hash.

Another possibility is that you could replace it with sha1.
sha256 only takes up one line of space-separated hexadecimal.  sha512 takes
up 2 lines.
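
Added example, not part of the original message or of zapdupes: a duplicate finder of the kind the report mentions, keyed on a digest and confirmed by byte comparison, so a digest collision cannot cause two different files to be treated as one. The function names, the toy checksum (a stand-in for a digest with known collisions, not MD5) and the sample data are constructed for illustration.

```python
import hashlib
from collections import defaultdict

def sha512_digest(data: bytes) -> bytes:
    return hashlib.sha512(data).digest()      # 64 bytes per binary hash

def toy_checksum(data: bytes) -> bytes:
    # Assumption: stand-in for a digest with known collisions.
    # It is not MD5; any reordering of the same bytes collides.
    return bytes([sum(data) % 256])

def find_duplicates(blobs, digest, verify=True):
    """Return (groups, false_matches) for a dict of name -> bytes.

    groups: sorted lists of names treated as duplicates.
    false_matches: digest matches rejected by the byte comparison.
    """
    buckets = defaultdict(list)
    for name, data in blobs.items():
        buckets[(len(data), digest(data))].append(name)
    groups, false_matches = [], 0
    for names in buckets.values():
        names = sorted(names)
        if not verify:
            clusters = [names]                # trust the digest alone
        else:
            clusters = []                     # split bucket by real content
            for name in names:
                for cluster in clusters:
                    if blobs[cluster[0]] == blobs[name]:
                        cluster.append(name)
                        break
                else:
                    clusters.append([name])
            false_matches += len(clusters) - 1
        groups.extend(c for c in clusters if len(c) > 1)
    return sorted(groups), false_matches

# Constructed sample: c.bin is a.bin with two digits swapped.
SAMPLE = {
    "a.bin": b"invoice-0001",
    "b.bin": b"invoice-0001",
    "c.bin": b"invoice-0010",
    "d.bin": b"report",
}

if __name__ == "__main__":
    print(find_duplicates(SAMPLE, toy_checksum, verify=False))
    print(find_duplicates(SAMPLE, toy_checksum))
    print(find_duplicates(SAMPLE, sha512_digest))
```

With the colliding checksum and no verification, `c.bin` is reported as a duplicate of `a.bin`; the byte comparison rejects that match, and SHA-512 never produces it on this data.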
