Quick Links

Re: pgcrypto: bug in gen_salt (md5/xdes)

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Marko Kreen <markokr(at)gmail(dot)com>
Cc:	pgsql-patches(at)postgresql(dot)org
Subject:	Re: pgcrypto: bug in gen_salt (md5/xdes)
Date:	2006-01-03 23:47:48
Message-ID:	27408.1136332068@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-patches

Marko Kreen <markokr(at)gmail(dot)com> writes:
> There is a signedness bug in Openwall gen_salt code that
> pgcrypto uses. This makes the salt space for md5 and xdes
> algorithms a lot smaller.

> Salts for blowfish and standard des are unaffected.

> Attached is upstream fix for it. This applies all the
> way from 7.2 to 8.1 and HEAD. Please apply this to all
> active branches.

Applied back to 7.3 ... we are not maintaining 7.2 anymore.

regards, tom lane

In response to

pgcrypto: bug in gen_salt (md5/xdes) at 2006-01-02 22:55:36 from Marko Kreen

Browse pgsql-patches by date

	From	Date	Subject
Next Message	Joe Conway	2006-01-03 23:50:32	Re: [BUGS] BUG #2129: dblink problem
Previous Message	Greg Stark	2006-01-03 23:28:34	Re: Stats collector performance improvement