Jim Michaels wrote:
> The following bug has been logged online:
> Bug reference: 4876
> Logged by: Jim Michaels
> Email address: jmichae3(at)yahoo(dot)com
> PostgreSQL version: 8.3.7-1
> Operating system: windows XP Pro SP3
> Description: author of MD5 says it's seriously broken - hash
> collision resistance problems
> If you are looking for hash collision protection, start looking at SHA-256
> or SHA-512.
> "In any case, you may not want to be using md5 (at least for
> applications requiring collision-resistance), as it is
> seriously broken. Use SHA-256 instead." - Ronald Rivest (author of MD5)
We are talking about two different uses here, I think.
Using MD5 for passwords doesn't, afaik, actually require
collision-resistance. It requires resistance against preimage attacks,
of which there are none for MD5. At least not yet.
The other use is for hashes in the application, for users of pgcrypto.
pgcrypto already provides SHA-256 and SHA-512 for this use.
> I was using MD5 in my zapdupes program and was told by the author of MD5,
> and switched to SHA-512, because of the size of the files I was dealing
> with. Since you have BLOBs, I suggest you do the same.
There is no hashing of the BLOBs unless you build that into your
application, in which case it's your responsibility to use a secure
algorithm. PostgreSQL just stores it.
> this has implications for storing passwords as MD5 hashes. My
That would be the only system use of MD5. What implications are those?
We might want to consider using a safer hash for the password storage at
some point, but from what I gather it's not really urgent for *that* use.
What would be more urgent is to provide a secure hashing *function* to
end users that doesn't rely on pgcrypto. But there is a solution for
this available today for those who need it - install pgcrypto.
> I have implemented SHA-512 as GPL'd code that you may use at
PostgreSQL is a BSD project and we have no use for GPL code. We also
already have implementations of SHA256 and SHA512 that are BSD licensed
in our codebase.
> one possibility is that you could make the MD5 function actually return a
> SHA-512 hash.
That seems like a horrible idea.
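As an added illustration of the two uses the reply distinguishes (this is not code from the thread, from PostgreSQL or from pgcrypto): Python that reproduces the server's MD5 role-password format and a pgcrypto-style hex digest for the algorithms named above. The role-password format, `md5` followed by hex(md5(password || username)), is taken from PostgreSQL's documentation rather than from this thread, and the role name and password used are constructed sample values.

```python
import hashlib
import hmac

# Assumption (from PostgreSQL documentation, not this thread): pg_authid stores
# a role password as the literal prefix "md5" plus hex(md5(password || username)).


def pg_md5_role_password(password: str, username: str) -> str:
    """Build the stored form of a role password: 'md5' + md5(password || username).

    The username acts as a per-role salt, so the same password on two roles
    does not yield the same stored value.
    """
    raw = (password + username).encode("utf-8")
    return "md5" + hashlib.md5(raw).hexdigest()


def verify_pg_md5(stored: str, candidate: str, username: str) -> bool:
    """Server-side check: recompute from the candidate and compare.

    Only a preimage of the stored value passes. Producing two colliding inputs
    of one's own choosing does not help here, which is the collision-versus-
    preimage distinction the reply draws.
    """
    if not stored.startswith("md5") or len(stored) != 35:
        return False
    return hmac.compare_digest(stored, pg_md5_role_password(candidate, username))


def pgcrypto_digest_hex(data: bytes, algo: str) -> str:
    """Same result as pgcrypto's encode(digest(data, algo), 'hex') for the
    digests mentioned in the thread (md5, sha256, sha512)."""
    if algo not in ("md5", "sha256", "sha512"):
        raise ValueError("unsupported digest: " + algo)
    return hashlib.new(algo, data).hexdigest()


if __name__ == "__main__":
    # Constructed sample role and password.
    stored = pg_md5_role_password("hunter2", "alice")
    print(stored, verify_pg_md5(stored, "hunter2", "alice"))
    print(pgcrypto_digest_hex(b"hello", "sha256"))
    print(pgcrypto_digest_hex(b"hello", "sha512"))
```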