From: | Sam Mason <sam(at)samason(dot)me(dot)uk> |
---|---|
To: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: [GENERAL] SHA1 on postgres 8.3 |
Date: | 2008-04-03 16:52:45 |
Message-ID: | 20080403165245.GI6870@frubble.xen.chris-lamb.co.uk |
Lists: | pgsql-general pgsql-hackers |

On Thu, Apr 03, 2008 at 06:14:17PM +0200, Svenne Krap wrote:
> Hashes are an absolute minimum for keeping passwords stored somewhat
> safely in a database.
> More two or even three different hashes with different collision-points
> will strongly increase the security.

Not only that, but they also increase the complexity of the system.
Increases in complexity tend to mean decreases in reliability and,
by implication, security. As an example, someone may do some fancy
cryptanalysis and discover that having lots of hashes will actually make
it easier. As another point, most passwords have significantly less
state than a 128-bit hash, allowing attacks like rainbow tables to become
viable.

Sam
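
The point made in the reply above, as an added example that is not part of the original message: storing several unsalted hashes side by side is still one deterministic function of a password drawn from a small space, so it can be tabulated once just like a single hash. The candidate list is constructed sample data, and the per-password salt with PBKDF2 is swapped in here as the contrasting case; it is an assumption of this example, not something proposed in the thread.

```python
import hashlib
import hmac
import math
import os

# Constructed sample data: a tiny list standing in for a password dictionary.
CANDIDATES = ["123456", "password", "letmein", "qwerty", "dragon"]

def sha1_hex(pw):
    """Single unsalted hash, as stored by a naive scheme."""
    return hashlib.sha1(pw.encode()).hexdigest()

def stacked_hex(pw):
    """Two or three different unsalted hashes stored together."""
    data = pw.encode()
    return ":".join(hashlib.new(n, data).hexdigest()
                    for n in ("md5", "sha1", "sha256"))

def precompute(fn):
    """Any deterministic, unsalted function of the password can be
    tabulated once and reused against every stored value."""
    return {fn(pw): pw for pw in CANDIDATES}

def candidate_bits(n):
    """State (in bits) of a secret chosen from n equally likely candidates."""
    return math.log2(n)

def salted_record(pw, iterations=100_000):
    """Per-password random salt plus an iterated KDF: the same password
    yields a different stored value every time, so no shared table applies."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return salt, iterations, dk

def verify(pw, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, dk = record
    probe = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return hmac.compare_digest(probe, dk)

if __name__ == "__main__":
    stored = stacked_hex("letmein")
    print("stacked hashes resolved by lookup:", precompute(stacked_hex)[stored])
    print("bits of state in candidate list:", candidate_bits(len(CANDIDATES)))
    a, b = salted_record("letmein"), salted_record("letmein")
    print("salted records equal:", a[2] == b[2], "verify:", verify("letmein", a))
```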