Re: Generating unique session ids

From: Chris Mair <list(at)1006(dot)org>
To: Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Generating unique session ids
Date: 2006-07-27 13:34:16
Message-ID: 1154007256.6238.3.camel@dell.home.lan
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general


> > SELECT md5('secret_salt' || nextval('my_seq')::text)
>
> * When somebody knows md5('secret_salt' || '5') he will be able to
> easily compute
> md5('secret_salt' || '50')
> md5('secret_salt' || '51')
> md5('secret_salt' || '52')
> ...
> md5('secret_salt' || '59')
> md5('secret_salt' || '500')
> md5('secret_salt' || '501')
> ...
> md5('secret_salt' || '[any number starting from 5]').
> Without knowledge of 'secret_salt'. So your proposal is totally
> insecure.

Challenge :)

chris=> select md5('******' || '5');
md5
----------------------------------
7b076f591070f6912e320b95782250ae
(1 row)

I won't tell what '******' was.

Can you send me what md5('******' || '50') will give?

Bye,
Chris.

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Tom Lane 2006-07-27 13:39:40 Re: Generating unique session ids
Previous Message Tomasz Ostrowski 2006-07-27 13:15:32 Re: Generating unique session ids