Re: PGSQL encryption functions

Mike & Tom,

The script I'm using to "break" md5 presumes that the cracker knows the 3
elements being concatenated together to form the plain-text sting which is
then passed into md5. The method I'm using then begins running through
various permutations. Do you believe that the methodology is appropriate or
that I'm being a bit paranoid?

Thanks

On Tuesday 01 November 2005 05:13 pm, Tom Lane wrote:
> "Mark R. Dingee" <mark(dot)dingee(at)cox(dot)net> writes:
> > md5 works, but I've been able to
> > brute-force crack it very quickly,
>
> Really? Where's your publication of this remarkable breakthrough?
>
> regards, tom lane
>
> ---------------------------(end of broadcast)---------------------------
> TIP 1: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo(at)postgresql(dot)org so that your
> message can get through to the mailing list cleanly

On Wednesday 02 November 2005 04:26 am, Mario Splivalo wrote:
> On Tue, 2005-11-01 at 17:13 -0500, Tom Lane wrote:
> > "Mark R. Dingee" <mark(dot)dingee(at)cox(dot)net> writes:
> > > md5 works, but I've been able to
> > > brute-force crack it very quickly,
> >
> > Really? Where's your publication of this remarkable breakthrough?
>
> I'd say you can't bruteforce md5, unless you're extremley lucky.
> However, md5 is easily broken, you just need to know how to construct
> the hashes.
>
> One could switch to SHA for 'increaased' security.
>
> Although I don't think he'd be having problems using MD5 as he described
> it. I'd also lilke to see he's example of brute-force 'cracking' the MD5
> digest.
>
> Mike