Skip site navigation (1) Skip section navigation (2)

Re: md5 collision generator

From: Joe Conway <mail(at)joeconway(dot)com>
To: "Matthew D(dot) Fuller" <fullermd(at)over-yonder(dot)net>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Wim Bertels <wim(dot)bertels(at)khleuven(dot)be>, pgsql-admin(at)postgresql(dot)org
Subject: Re: md5 collision generator
Date: 2005-11-16 21:35:22
Message-ID: 437BA61A.7030400@joeconway.com (view raw or flat)
Thread:
Lists: pgsql-admin
Matthew D. Fuller wrote:
> On Wed, Nov 16, 2005 at 10:29:09AM -0500 I heard the voice of
> Tom Lane, and lo! it spake thus:
> 
>>The existence of this algorithm is disturbing, since it implies that
>>MD5 is weaker than people thought,
> 
> It occurs to me that, controlling everything that would be poking into
> that part of the database, it would be possible to store the password
> with several DIFFERENT hash algorithms, which would save us in the
> future from any of them being easily crackable (or even ALL of them,
> unless you can somehow create a collision across them all
> simultaneously).  It seems that even with 2 or 3 weak hashes, that
> might be safer long-term than with just 1 strong hash.  I s'pose it
> would add a little cost to the connection-establishing process...

We really should be using an HMAC instead of a simple hash anyway. I 
don't believe, even given the attacks available on MD5 and SHA1, that 
anyone has theorized or demonstrated any weakening of HMACs based on 
these hash algorithms (someone please correct me if they know otherwise).

Joe


In response to

pgsql-admin by date

Next:From: Wim BertelsDate: 2005-11-16 22:50:35
Subject: Re: md5 collision generator
Previous:From: Bruno Wolff IIIDate: 2005-11-16 20:43:15
Subject: Re: md5 collision generator

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group