Re: [GENERAL] SHA1 on postgres 8.3

From: Sam Mason <sam(at)samason(dot)me(dot)uk>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: [GENERAL] SHA1 on postgres 8.3
Date: 2008-04-03 16:52:45
Message-ID: 20080403165245.GI6870@frubble.xen.chris-lamb.co.uk
Lists: pgsql-general pgsql-hackers

On Thu, Apr 03, 2008 at 06:14:17PM +0200, Svenne Krap wrote:
> Hashes are an absolute minimum for keeping passwords stored somewhat
> safely in a database.

> More two or even three different hashes with different collision-points
> will strongly increase the security.

Not only that, but they also increase the complexity of the system.
Increases in complexity tend to mean decreases in reliability and,
by implication, security. As an example, someone may do some fancy
cryptanalysis and discover that having lots of hashes will actually make
it easier. As another point, most passwords have significantly less
state than a 128-bit hash, allowing attacks like rainbow tables to become
viable.

Sam
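
The point above about password state versus digest size, as an added example that is not part of the original message. It goes one step beyond the email by also showing a per-user salt with PBKDF2, a standard mitigation the thread does not name; the account names and passwords are constructed.

```python
import hashlib
import hmac
import math
import os


def keyspace_bits(alphabet_size, length):
    """Bits of state in a password chosen uniformly from alphabet_size**length."""
    return length * math.log2(alphabet_size)


def unsalted_sha1(password):
    """Bare digest: equal passwords always store the same value."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_hash(password, salt=None, rounds=100_000):
    """Per-user random salt plus an iterated KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


def verify(password, salt, stored, rounds=100_000):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt, rounds)[1], stored)


def users_sharing_a_value(stored):
    """Group user names by stored value; groups larger than one show reuse."""
    groups = {}
    for user, value in stored.items():
        groups.setdefault(value, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample accounts, not data from the thread.
SAMPLE = {"alice": "letmein1", "bob": "letmein1", "carol": "tr0ub4dor"}

if __name__ == "__main__":
    for name, (alphabet, length) in {"8 lowercase": (26, 8),
                                     "8 printable ASCII": (95, 8)}.items():
        print(f"{name}: {keyspace_bits(alphabet, length):.1f} bits vs 128")
    bare = {u: unsalted_sha1(p) for u, p in SAMPLE.items()}
    print("unsalted, identical values:", users_sharing_a_value(bare))
    salted = {u: salted_hash(p)[1] for u, p in SAMPLE.items()}
    print("salted, identical values:", users_sharing_a_value(salted))
```

Even eight characters of printable ASCII carry far fewer bits than the digest, so the stored value is only as unpredictable as the password unless a salt makes each stored value unique to its account.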
